Malware Analysis Report

2024-11-16 15:46

Sample ID 240219-fey24aaa95
Target 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2
SHA256 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2

Threat Level: Known bad

The file 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: MapViewOfSection

Modifies Internet Explorer settings

Modifies registry class

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-19 04:47

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 04:47

Reported

2024-02-19 04:52

Platform

win7-20231215-en

Max time kernel

55s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A0BAC61-CEE2-11EE-9B2E-42DF7B237CB2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2100 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2100 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2100 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2100 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2192 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2668 wrote to memory of 2560 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2292 wrote to memory of 2572 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2892 wrote to memory of 2580 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2100 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2100 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2100 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2256 wrote to memory of 1252 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2100 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1752 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f69758,0x7fef5f69768,0x7fef5f69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5f69758,0x7fef5f69768,0x7fef5f69778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5f69758,0x7fef5f69768,0x7fef5f69778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.0.1980393846\909605965" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1132 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adb3a822-0aef-4a4f-9e26-4b19605b4e8e} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 1332 10cd5958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.1.1814114231\1803827490" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aac303ac-11fe-4ca5-bea9-ea9f8e0710b2} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 1512 f1ef858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1304,i,8715629648077050510,8642292095411966116,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.2.1103781475\1771245976" -childID 1 -isForBrowser -prefsHandle 1784 -prefMapHandle 1780 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51fd8cbb-4a44-46c3-a0f9-8c08998a8503} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 2228 19b85b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1324,i,7623838730747872120,3515232640516469515,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1304,i,8715629648077050510,8642292095411966116,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1324,i,7623838730747872120,3515232640516469515,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2512 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2536 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.3.447823887\1490369586" -childID 2 -isForBrowser -prefsHandle 2664 -prefMapHandle 2660 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e1b5f0-3086-4bff-9582-757f839747b9} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 2676 1c409958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3344 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3768 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.6.1577105418\1520782413" -childID 5 -isForBrowser -prefsHandle 3968 -prefMapHandle 3972 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa4c5cfe-651a-4cb4-8e95-fb06832d5cbb} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 3960 1e2b2d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.5.648509668\76758525" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaecdd4c-77d5-4d00-987b-49b9f10b1408} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 3796 1e2b4b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.4.1570671374\1525592326" -childID 3 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a42af153-a1d7-4e43-be45-12fe3e0003ab} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 3692 1fb8db58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.7.1747398460\229824671" -childID 6 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eb1111e-09df-4a62-9f4e-f76fe2248db3} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 4020 19c7b758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.8.1460295144\1626027651" -childID 7 -isForBrowser -prefsHandle 4328 -prefMapHandle 4332 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a223cc3f-b2a6-4688-b851-90c9fcd38166} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 4316 20b51258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4040 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.9.71041898\1771801190" -parentBuildID 20221007134813 -prefsHandle 4692 -prefMapHandle 4756 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5476102-edbe-4517-bcc4-fcc015085e2c} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 4760 14edfe58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.10.2073105285\1734845475" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4736 -prefMapHandle 4684 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e59cadaf-8de0-40c7-b526-a15461d541ff} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 4776 14edf558 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.11.314103658\2003254208" -childID 8 -isForBrowser -prefsHandle 4980 -prefMapHandle 4996 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c40a4c50-c60a-4f97-9ffc-93ff797cd3b1} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 5020 1ab46d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1288,i,7425752366194321466,10280290147327973405,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

memory/2100-0-0x0000000000760000-0x0000000000761000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A06C291-CEE2-11EE-9B2E-42DF7B237CB2}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A06E9A1-CEE2-11EE-9B2E-42DF7B237CB2}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A0B8551-CEE2-11EE-9B2E-42DF7B237CB2}.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\Local\Temp\Cab4412.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar4451.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\favicon[1].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6MCRSFJ\favicon[1].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y7Y2YKV3\accounts.google[1].xml

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V5LVP4A8.txt

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\favicon[2].ico

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTTGCPI6\4Kv5U5b1o3f[1].png

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

memory/2100-814-0x0000000000760000-0x0000000000761000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_2496_QCQOYHHVLPPASEIP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\88a0f104-067b-4109-9e5a-33f5a8092f88.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\pending_pings\e2630a92-95df-4379-84cf-7d5a68be87f7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\pending_pings\a1a5450e-4265-4c28-82da-64f46b119072

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 34d7863aa2f9d83e4131e339ece62bc4
SHA1 f85b5a2d0ebe2c4d031ab0fb4a8813eeaffcd655
SHA256 07ddcf8b4afbff61859425604ae0ea25271eb514cdcec878c785a51115461980
SHA512 86f234d2bb7d1263824bebd7387143fe61b1a52b073b4c5bfe473ae4802b806c85dec8a0580723b79e46427b995ae440014d2764a7122a5b2e077bbea6c722e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 2bb163291d180858f6e5a033e17b51f7
SHA1 920a82eeebe4060d8d0e1d128f21fa8949a76a11
SHA256 d34746f42a10f4b2483d7e97868e729ca95c607a6808968b8fbc988b45588fbe
SHA512 a0861f5192533ab724c80f01dd48c04a34e9fd03f97477c7b0753a43b7a04ea037e5d9f5eb0628273912fa873f6e97ee29949b8a604faf65c9b0c2ab4693ca78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 ef7af81478c057d60cb6634b4951a5ba
SHA1 9455bf45b5e6192b1d61cad4086c4f809e1f80af
SHA256 04e922f39f80e33e3ab20420216b458675b66f24f904ea1fed1416ed82f0fe43
SHA512 0d647b0d67542902f1b9e79eecd8171694d2e4843f85a3c2fb217d54ab1258516cc7d032bdafdad1abe17ddd11688a119359cc28a27619187eaeefeb146f8b9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 41723617c7cc6a9b945a2784edfbb614
SHA1 e21fddf97de22ab5b4d60ccc2d71f932a6a9008b
SHA256 0cfff88bd1a5aecca3e3e9a8e2f41178e0523dcb1e89298ea4a98da9bedff507
SHA512 b1497b7f77d7609d4be2b11e0884e71ef53c8011c3715f2583bee40f34ed3a8f21498301cb0a083922d3ebd9d01c23178ac26de81a71cd78400ed3d801e3cd5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 e9d7b2a03f8d76cf0ddb28b0bb250961
SHA1 0006dad7eb23e81914bffad1697dd39e095b1dfd
SHA256 1c5db54675a909bf8f8d53c918db11e08b91f47d6099693a428a120f4b4795e6
SHA512 63d94cf45d507de87b879dd2cb61f3b5bf4337c4eab25ef0ec757f1c6b95d32553002ef8dbb713c8f76a448a15270549cc5a1a9826d5d69d50b749f6614e3dd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 dd0e7a365e693c451036b8cbd84d6351
SHA1 2881d46eb9175b41aa73038a95bfd09e274d1b65
SHA256 d97d69b4b62609977dac8c6d648af27ce3dfe5acf67b1d6c3e591312e6ec33e7
SHA512 bc85fe30e03470bcf94afd12195f7e3c134de8a5a829005ed065878863cccdc0c0de7fe3e07976ec23850bf957cf564503aced31d32794dc3666eaa3bda00cda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 e1170b00ae6afbd92c448a5f633ff58f
SHA1 1a1818576026f132e9fd622cac3728f4394e6a00
SHA256 8309d69543e5b1d39df0c28dff65f2d44b4be82e42166646ffc75101f4f955b8
SHA512 fa62596f9b831c41376139fa85d3ffc3c933e9734ce9d1b4e8d85fe5b2996c0c5706ab5ea3eba2c0967e9d66485605337e87475aae793134d96aaecf117d5dc4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d9b106049a5f29d576e306a26af4e7f0
SHA1 e2725ace830e2c2e3a789efbc172a1fc6e74c157
SHA256 7e8a6b6c59f95fe23a0d012833a287ff170ed8cc6f4e8f0a312f50af2c7bf35a
SHA512 8b369a49b962423edc8db2d6b9ad111ff4f043fdf87e60eb1fd7ef6c1cabef0198a6480d17b55c09a3f2c72a2febeacb03db92688b744d752325311b8fa48e51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 66eed63a88cf83342bac20e46b3e7146
SHA1 2e6bfbf62eedffb06109ddf4eea9b378e150e8cf
SHA256 80adf2e84e7184446e91d18347b1d34a7b3cb7c9052d185562be04dcdda092ec
SHA512 92fe18cf4d070e16207d81ae3c28500558504969c31a247cda5118ccab599520d34ec67a5b69697c8ae2d201f1303089c44c507c85200939c98dcfc48713daa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 3866558a4b792a7870288bf794865b51
SHA1 bd82541e22ef7e40455a846e7253d718241e9326
SHA256 f05d0b793038f55ef70895f2e953d9a7a0fee555640fb5fba9034d9180743de2
SHA512 bab5744d2dc0babe5246478f3e224c748cc990cb4f82e364ba76b928c9264df69ad29a8fe6e9d1bf44ee8b4c7a3f9a1e748c17ab14d80186ea42503b1fff6d2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 fea4d276defa7d4eee46eaec0114265e
SHA1 e9907912be474d4019a245b371bd7b7faddbbeed
SHA256 38b444809f1f07c68d0b6c4c711830408a1d1436c33bb9210d2912b3861a5b32
SHA512 0651fdc97ddf7d810a9603e79d49dae7b19c49c61fe09c8f3dbb6562d964b1fbfcc28d2c988a7e1f7f7eeaa1b964f65fe4e6b2a40089c036a26f532e6b210c91

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\14t8eq6w.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 0dd430df08a6d197142479da174759bd
SHA1 2d29dfec828082507e620e8b18f984358e5eeb2b
SHA256 1172bdd8ac68ddd6faea435811bcf024298bec0ad49b0413c3326271d84bf8a4
SHA512 c8edec557d19f0d1cb07a1bcaf8fb7941dba33c2ca8c910cf36d12852fee86ed137be1c5d91b10124ac1abfeba62238cfe4bde1e62bf3b283355087b581d87cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\14t8eq6w.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 7cca5ec0199789710dbd6139af73b198
SHA1 1cf7c7673f375361b086e4ad4f2600dae73e0c22
SHA256 455fd616c61680da2252cf4eeee4f513602927bc9da46f8992aca36aac873846
SHA512 caf82635433a412c6605ebf7a7c4fc6366cf832c4134a8e76407b29efe37f93a4283546613d922f8851c4e12a565a2745059262eb1dbc5f716537d10f28d3ca3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\14t8eq6w.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 0abe79d45f297e50ec2e6b96d226771d
SHA1 f7646f107e4c56b338d94ec03122eb3a65339fa2
SHA256 8c5673f6990cac9ba71b10c8dc4d0c5bcc449d130f1ac8bc32062a872ab87b4d
SHA512 c2079364024bc085264f09effaed9646c646b9c0a9ffea92656e928a0c7735c7b29cbf57cf606a03ed31ba4851f9b4b70f09ad4782bd3dcaebe8fecc9fca1a43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\14t8eq6w.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 bf5e947eba01f30ad1565569fb91353a
SHA1 d6860243581fbcb4c7c1a2e0724e693ddd35ec97
SHA256 4101e43ab979f518e990d6238372d596570696a11beecef414bc84a468fce28a
SHA512 ff76b8d31b4902a886e5c92befca5746cf95b3dd1afa4679ff1181a777f2943376eb968d12fe45c2b2cc3895fac0ba4bb26471563207a79eec12580615129e1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\cache\morgue\73\{f0ddd596-9306-4aee-b7cc-389719baf949}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\idb\2153562596yCt7-%iCt7-%rdeas7p0o.sqlite

MD5 ccf61150fde34f5249c44bc7f5dadf05
SHA1 fe39a3aac7a7f6ca60b365d40cd65f9cbce6664f
SHA256 5a6ac95569eb761181975271f421e534949847b368a5b23a2a40d76ccecafbff
SHA512 75ca3c5f9a4ae7b13178fcaffc0f6039d5a70adb3eca4c14d3d669614e99217e38c6eb80bf0f71b5abcc86e5570be7dd5962f726b6ac239a5977222ff998a603

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76e1a8.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 97669f97aaffc58866d593d34e3f6c9d
SHA1 1e0e807f9f4275cf75dd5116138887feab03f093
SHA256 c194b9b716f5ff9e620f1277e34d434fc10a8d87fcd9d80d7c8ef1606735cf56
SHA512 607622690c8b9e9b348b5441e1a75f54e3a300c8c664e97ca1bad066225d372f08ec8fccb9c52757e189d37b7c6e2212c8095d2a90f4daa2df0152fc82890d06

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 724803b8ec737a6e1f09a2c689a6cbbb
SHA1 8ee45be049546676c2e4e94b70e312e8b021f298
SHA256 f44351f7aada3d6cf3ca0f3147572706fdde38b06de72fea484febe5fff55074
SHA512 e7b5bd5aba299a36c18e4debac6de66ec256d0060dd2a853402a73d9f1e5db773153cd4df5dbe0c6834a5ad7718435e840b3e1674d9374f364c8583025f9c1a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd864490c253d01b1db55f330831b84e
SHA1 ca9203dfcea51ed63d892ee36cf63f8279cc84f2
SHA256 bced44c486470a411263fa6ab385bc41f0fcc04427aa00f1561b4f00ae8aa2e3
SHA512 eacea4a069695ef100458d390541135d4e4b847c58971b52be11379ad3af1abd696b6d60cdc16e32c1acc3662909137cff4d6d3ccde5a8bdfb09ee3c24a25813

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 8164c6368596af80e4f6911ec750cddc
SHA1 961478c94bd4ec7217edac37054d8a3ec18bfc0a
SHA256 ea15e8544dfe987294da652294d0631ec5f4d04bb98ddf29d339a8c0c1e91f95
SHA512 061c773839238e80c19892b18855b2f4a7b563fc9d8cb7b1f2265ad23829110a1e4fd3fab2de6e979b83bc1427ee4694b9c7a15fc5eca445e4724a7b63b86605

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\07c504dc-d9a8-420f-8936-32a086bb0cf2.tmp

MD5 2e636f7c2a61feff9ef163cd83349da0
SHA1 c53fa5fafbf94e1242ffb99ca67f2305b71673e3
SHA256 fd54c7bc6e981cba64ae707e36313ebbbdd7d14162d9f4ad546b1767ab42854c
SHA512 22784ac86a6e8f2cff3027d3d0e923e94553effd6cca7e9f310a2c1ddfbaa21a6b7286b4caf0699f4ded3cf23db817ecad0bfd6c41d7ea69fcad44cf7a7f3c37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c41135be52376a05532a258cb3f349f1
SHA1 4c128c0df2d934e3cc601b13ef29d440ac4cef13
SHA256 f6880ca0c065908274da41a97b92d20d2f2e3817d70268986e809e39e0874bfa
SHA512 a897d006d03a8f958744715a6792930515aa1d97a9442a4b4617183f6dd4a4587ac18110ee558966924791cc12dc600d75e1d0eb7b884a8e8c1085b3c6933915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 958bb311b6acc73c8cb358d4f3907eee
SHA1 acabc1dc000f706b7f1c5ea41332b718cea00194
SHA256 47d8a1172bf9995fe2b536e915110ef97e4b537fbaa9db031987e9ddc942a565
SHA512 0252b0b842fd9f2cc56a80e95d03a11f7b2d50e13705c8884f36509f20a7accac34cc71b388de4a55d26092a98456a8417147420374b4fa64a493d63c3d432e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2441539c80baa8c344d1c7f935023af7
SHA1 c92f35cd39644b5628186e97b8030ea5f25c9b1d
SHA256 6310edf07db8c3dcf693c52a202f8ac9231f1b75b7c0aa01b0d662c0a91d2fa3
SHA512 1488b5bf2bd32675d535342c4bd2f9533a030bd6bb798a04718182f0ae2c3f57f33b0b5f69569142aaa54e35d0cd08fbb18a1aba2b67fbf161b10d2a8a1d1d04

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d539549f5afed58d8224c74e477e014a
SHA1 c8302729f424a39a50c2b4a3d5b97d9492241800
SHA256 fbd9900335b3328c8ffbe5302ab34c8137a9fb08e6a459ab185082c6cf377370
SHA512 fbd36c777e5fea5f4af0de728da290ff9909eb89eab8d233c28120bde331da93b9e947cbe3392880e9905ec1f26197b340c6cc9d67530959938c18a20c815949

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afee357ee8d9b8a1d3460a7576daef0d
SHA1 cd4f216dcf2065b025ca106cd7b03604f271aff2
SHA256 fa6ba475299b13beef988df91b5457c59cd106d8cb4797961022731ebdd610d5
SHA512 bda628f2605f32cbfc670899b74cd13c63c86525af4835455c247f508b4790e2fb23f25e1be100273b50d8e2eb8487160bdd5f730860a41d344714f9efb90562

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3115b8dd51c1525c3c8a0de114f10513
SHA1 4df56ac2520ca38749d52daeca31ea17e63b4caf
SHA256 2458bc6dbf7479834ad073756a354bc4b258cd2dc06595872e17f77129503609
SHA512 c40776312e5edae163637b093e9f38222c9f0026f479e72c93f4877ae7e238d7ba2f9606a3b90e8bf384080e2edab1edb8d51f246a753bb1109a3261838b542f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02ffa1dd7a3ecc15dcbbe76b8ae5a313
SHA1 8de10e72c18aa5ae77d6b2691b191c81f7bb3b8c
SHA256 2fe6018d08d5c87f31c8b520ae4df6a11d02c8934646737b7452572356511c55
SHA512 2f50265e55ea900f1e1e4896679137aa5ea486af2c62747d6ed6c31347b618eec6272435aa8a9f1de60865a1adebf6217cb310ba8091175fe4bd8cefca240ebb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c19c0f464e5d45f8d25f0a1e99e0d501
SHA1 bb7f0bc8cbfbd9cbeca30cd08032d2d286d175fa
SHA256 25bd7e6cc7ebb8f0da7ee9c078c6580fd4bd0a67e7ad4cdafe7849a4636a9c20
SHA512 cc5cf08a95d01cf91b2e30e241be15b8a6e8b26892a6b498ac37b9936fd0455878204738a2622702e651ece42f3d807876772c5366a469672c84a9748d109839

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cca5e0dc8c3776b7ec2ce5be73221e0d
SHA1 56a924e3210eec4834ebe670de6bd828a7ee83d3
SHA256 cc54da923e8bb2cdd7fc6a113ed69e6aaeb0540fd2a5032f5f339030f3c55d0b
SHA512 5c98d26544d58ab5c781dc4877eceb8fdaa46dbf44c2bdebfbf44bad4320b58ee3918336ded3265d87e0b73a16c434ce509ca06ba2e383dbb77d783587b020ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b124cd2f36f901f25153cc0ceb6cc349
SHA1 19906c808c1c0e5b31aaf4fabeb71f123fc7b410
SHA256 710ad7c063f8cfdce1d70df48ca19cccaf004335f8430a2da6ed45b7763e2f0c
SHA512 5e973f6e93da89c176d904bdd171e4ab8b17d0df17423ba65c64974dc7a938bc7b96d95a7f4d6c22f68252b68112e2200917f26ee5a003cb02d1243ca8b2fe6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e592644943781f6b162a53e4c5e02fba
SHA1 6ed3670c44fcf4f541c0b6334718e6aa2fb5d7c4
SHA256 1897b166cbb4a1161efe95b5991584a8705385f9dd1f0cf360c6af311076b6bf
SHA512 207ea78ae2f28ac5c90a87748c1c18952c46b3c00b7a5b7431c485581fcec5d7a361be03e69179c8e022acd288d70b18dcb72f29552d8f8bd8ad13b0bab1cbcf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 4cd4ab29bcff3fde79a13f3c9a42d9a1
SHA1 68fdc19cbe0970912341d62fee54f6b58abb6eb5
SHA256 58841818219d6cd5a5afa5bf7fb7685445745ca7708756122363fd8c63ebcf39
SHA512 4d8aeb90a6ef0c586dbd22f83f1d70bc5ba47b01990a441e33a20d68bbdc0378869e0d0066497b471788cd1b446c1f1a3e0188d915f81da0e1a4a4d154867849

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs.js

MD5 6f4800ff63e1c68f060bc84368c7a362
SHA1 004a10ecf9e0c34dc3e30909b9e1a0ff0a3b29ba
SHA256 c9f2f165b25da29b41fa061d61387984b9d859ce468e3a4d76bf22a7a842667e
SHA512 7e0262f5042d44beb3905023e4fe164616160511a1578b368a315ae6285ae9eefa27154b58ac1edb2b7beb8e6882aec88a4cba1964f3decad9d2b5f748a4991c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0fd0e6ca693565f621ad57c6e4e48e13
SHA1 b058d84051cab59509506639b7295727bdd64890
SHA256 0931a7cfbf3805f9f466122734c9948b74f9801d76cff93d3830b53a3f3c01b4
SHA512 987b3c66d71626c3e812d954637d0c063a6bd8d8cf3ea67d737e3edda40f2fb76b7fef403e27cbbd69f43679fa51113efa77d5813c95c4d2eb2c25185a7487ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b72071931ad496b8a36f263a0dc2297d
SHA1 59bbc1537ccc0f69cee53d26ba4ad114629eb5ee
SHA256 9202fe74dca74ba798ceb55b64d61eec3d1a00cf07c442c340f9e6ab2d319830
SHA512 3dc6b62c18d4c14a69945ec7a85d0c2c5af4cdc07ecd7597b86d3ba219f24fc40da68f4d31bfd4f251f46b73a45f64217a5a7fba047ddfc371d8fb72a9cc066a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c22d6f5e68752a2754f51185fb57b327
SHA1 324724ca50b2aa7aac02031f6659e330f109d111
SHA256 289514c4ca6237ad0d1b524adbe6a3b18d61abd2f6f94a0aa1630f8952fd5ade
SHA512 4f278e9fdb88b283c3a651efb6b345e7656f8b21d9e204eb85b5940d7de7b3854a5ff7db1fd9df06c7c44501b0df2f5be8e3d982a27e894594647b5b4fdb57eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4180ea2de260abf373770a58af494500
SHA1 5d33437d96b57288c9b66be89630e7271b4161ab
SHA256 e99338ddd615ff75782d2a2ebe1a4b016ba41eeb523eb9e7f7eb03892129bf5e
SHA512 cb88ed25d76ea705c4d9b0c41dce855ae6e034cba7991090499bc71855158844cacd73a6912287d9a5a7574d211b3384ed0afbcf2f7c4808e735e0d9eda5eddb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9b576f286f1cfe8bf24c8d9b16d6399e
SHA1 d6c847e70cc0d4f289de5c1366ec849b093a2dc3
SHA256 e8454fcf6b93daaf493e3316f8b61e9ce164266b9e17846b40cbf5eee3bb80ef
SHA512 69770173103288ae9dacdb049b842602299566244407b4139211055c7baebc12d57e81dc5414eed929e38a5f6269fbc5b352894679e1e14f94a00e714c2d72c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 233b8f73516ffbb3f25a23d906657309
SHA1 0323e8210827da9b12a19ffeb9423bd203088a2c
SHA256 540beae191102c98d342eae80077e847c7007e669ae6858680408582bbdfd4ab
SHA512 3f7cc0cd30b59d53a242a2a0a74f7d440080afbe5927c186c490b0c2f4df6993ec053e732cae5a56add276871e7613f0e021c22f5dd599854c50829b51bc7f28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State~RFf79b828.TMP

MD5 af46dba16b2a2bef97f0392ffa17f130
SHA1 46ea3bfd8585bd69b9f51690d5a73e510078ede4
SHA256 2a52781bac94661281b21de8bbce034052014e4e1ea183920d1fe574a49c0d18
SHA512 ff2145565d78c38ed7ebd1214da08c8b0b95302465ce38bce8afb9141780bef505f9b806c9beb648f3e61ff8fd67c66ae008eabe9d73fd2778f2364ba37651f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f2397c5ddcd549fd5114375c2242fd8e
SHA1 d0e63a8ac5d86faf4a996a55f501fc60d6376a8f
SHA256 411ea436cf98cd8eb9d031789343ad867d74ccc128e0d20063b0aae782cd0225
SHA512 e07cabb62e9bc5d45ec6000baf7aa33949e94c1aceb39605cf2aa3d19f7cb41aefa196994cdc229433502c1acca3987535071a807699212ca19f7e3e9e72e68f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\20U8N02D52M79Z0J1PE5.temp

MD5 5fa23f02042d94bff956e07d6de5012e
SHA1 70d549a26f8fe5272ad61f76d11dc339acbfb6a0
SHA256 9390cd36bb0018df326d93f8c1b5f1b2149df07e690f423573a330e1dad1de7d
SHA512 7926f29945c7fd9d14eb6539e7cac07911f3ed7e011b4bec60663f72f2948ecfe9213166962c9b3a36e393bb47c5b10a6fd309200b82ffa925c15226bb7eb45e

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-19 04:47

Reported

2024-02-19 04:52

Platform

win10-20240214-en

Max time kernel

300s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527918794860303" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b65ff7ceee62da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 284522cfee62da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 067007e4ee62da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 1041e3b56f7eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8dd852ceee62da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 0066b0332163da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "415124938" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 200 wrote to memory of 4996 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 200 wrote to memory of 4952 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 200 wrote to memory of 3204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 200 wrote to memory of 2656 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4460 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4268 wrote to memory of 2356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 1568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4460 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2892 wrote to memory of 5096 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4460 wrote to memory of 5168 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5168 wrote to memory of 5192 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffac2b19758,0x7ffac2b19768,0x7ffac2b19778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffac2b19758,0x7ffac2b19768,0x7ffac2b19778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffac2b19758,0x7ffac2b19768,0x7ffac2b19778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.0.453776021\1067222993" -parentBuildID 20221007134813 -prefsHandle 1784 -prefMapHandle 1772 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53e28b9d-e16a-4914-82d6-7f5fc8a4cd93} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 1876 12ea32d7a58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1768,i,6257333259611614691,3075525198257800952,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1768,i,6257333259611614691,3075525198257800952,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3536 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1892 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,6900359914011082899,5559286331672899806,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1852,i,6900359914011082899,5559286331672899806,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4692 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4724 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.1.1746947594\85223472" -parentBuildID 20221007134813 -prefsHandle 2200 -prefMapHandle 2196 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf36a1b-3db8-42ba-a7f3-731da30f6782} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 2236 12e97ee3e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.2.124376643\69355655" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a6c1ae1-3055-4fa4-b257-616d7764119f} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 3020 12ea326a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.3.604961931\1870281242" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3404 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13a6cb34-b7ea-4f86-8804-fdea21980b25} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 2672 12ea795ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.4.1764161584\738984123" -childID 3 -isForBrowser -prefsHandle 3452 -prefMapHandle 3456 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e35c0135-3664-4a6c-a758-5a3ea21ff897} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 3536 12ea795de58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.5.936241247\1427479239" -childID 4 -isForBrowser -prefsHandle 3656 -prefMapHandle 3660 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d95890-6c53-4d5c-aaad-1650165974d5} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 3444 12ea795d558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.6.1425184196\1315419345" -childID 5 -isForBrowser -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {791d7bb6-dffe-4b13-9a42-e28177eae37f} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 4552 12ea8b05658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.8.1999529101\1725369008" -childID 7 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffa99e4e-943e-4839-857e-73ecc92f49e8} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5388 12ea9c92858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.7.1557422583\1262384866" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5328 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca56ac74-953f-4bef-92ea-46c33858e1cd} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5340 12ea9c90758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.9.2087258338\696911067" -childID 8 -isForBrowser -prefsHandle 5668 -prefMapHandle 5584 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a42a6773-2915-42c3-b894-afe4e1eb140a} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5576 12ea9c92b58 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5324 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5404 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.10.1066857273\1443963292" -childID 9 -isForBrowser -prefsHandle 2692 -prefMapHandle 2636 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2888da48-78ae-462a-8a61-1dc46b5d13bc} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 4884 12ea9c0fd58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=1860,i,18354751554721560232,7689746742737049544,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 64577290e624f3ae503c874ba7a0f5f8
SHA1 928cfae676a72fe265bfbc25904315bb87a5bb1e
SHA256 6fd404a55eafdd9c30cb94c66f5af0757f3f54be2eb6b7608fe9159232aac5c2
SHA512 aa2579db5d1da615ecc2475de3ddee1a055e46ff5057d3ca5e0eb3e615fb5bcca49dc0c301e1d433ab56517ca1fa733d3664677bc2b4074003eca192756fa87b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f702f246a7f40a448dea0fec30439821
SHA1 e4c80123eef249cb2fcd5fffd0811e9468cf4d98
SHA256 33d6daa9445d495037f989f0a652372b0de18b84e58a2a8d9530d3752f016973
SHA512 235f0f9d2bdbf6e47664b10c409cc5813178d057236cf490466a3f7d9c7f92be64a651f28733987620280bb3d4da92d37f8f4a99db93b25e5ab6320c02419366

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 31201274c15208a260d71d596c53fc5a
SHA1 9e05eb18d8c75dfb8953ba7d3db81c1a06373564
SHA256 c956f6a00383d5321ed87806bdba65b18724acd793920f80ef3b3eb2aba23862
SHA512 bf794f741e00e15c23c6c0a4383f9e94e8bf14a0990d72ac168d8539399915a51047aeaa5269a2b1088bbddfa01c7c89fee30412965b5e64f52bcb9911a0255c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\datareporting\glean\pending_pings\657fda9a-aa60-4e1a-87ab-38aa889567a2

MD5 65beb41bdf382980f7a2e55c3d0db957
SHA1 4b52f9ae01b7ccfd6ab96f394571d4699bf9b307
SHA256 f9d35438f29c94c408fb055917d3deafb24f718a4781a651e1e4a4188365a142
SHA512 0a5af80fef773975c9cefcc79ade704ec0e71d4eb74eddbc0cd8610eb53dfcab58d7e5cf3b54914494428f7121ba3eaac305395348afd22a07c74e9b4db221db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\datareporting\glean\pending_pings\4a4609e0-5595-4d29-8794-ac8191233061

MD5 cb25015aca5ddd78c64b8777bfa9910f
SHA1 6794e6a06535595c248aef7b5620dd3761c62d42
SHA256 42a823e7915e96b77d2c86a3d5ebccaddd05c1d3c7f59e15d6fd6a408bed0483
SHA512 daffc01e964ba989725d6237b982219d4f9a3c6216cf0ff793975f0173f1fc0bdd606475671694b866abdb7a31bb0ae328d3e342f7998f3c804279aef72adb77

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\datareporting\glean\db\data.safe.bin

MD5 e5dcffd990cd000f5c4dcab5e6b6c105
SHA1 1b455c5a0fe59a8bdc6e27f4066880b671c23403
SHA256 a0529d5e1519c72804eabf809613763366cf90412d2f56af0dec3403c76ee19a
SHA512 6ed0ad414ece43f1f48a394663f9ddffdfa66cd02dfaae07557d5f36482b978fd8b51d287fe4427c9583b66b6679c49d6805cdc76b3c8dd39c0902fd94d4d577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\prefs.js

MD5 534a78c6e21c5203003a6fe07b48bca1
SHA1 43cc6e127ed24d234dab296f11995031a0566528
SHA256 8289a4e185876c10137bb2ce02dedf2f8723f673ad909f13821cae40d7b9f0b7
SHA512 0cd446d342304f13d738a199dd543dac7402b566917707ab0ab9c02975ee266dacacc1ed70fd9950d0e55fe083ca62797b6d5594c38759990b778cfe3b3223ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f646abbb072b66152c4c15f3b7f42ba8
SHA1 da48b96c994be7e00e4b3ab8df252857bd7ce859
SHA256 b8ce26f6414fe33d606c0a04234fdc84652e82c3c67c3382147186c06642213f
SHA512 894306e4fc3aec5f2230790b772e1fe5ef6acd661547f1f366f321575c673471c42f72b9665437f97c11c222964d91fbeb835ba2406e8ac0dc0bbc942ee39ba3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 ac4ca2d21ef97dfecd537ee3eaa6a007
SHA1 4a7aad09a9d3417c386502df736ec51635de995d
SHA256 3615dc56f8c556b59ff228d89633674da2451911833d647f4ad8aa8b8246debe
SHA512 906e773b8b2bd68b05d748b1a18079db18950480fa6a898ec136b7e88e56ada695bd341ad56868f8187490f1012e41aff0ce78aa1b11ddad59e964cac34766d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 be83fee320313004c5f6154dc3468460
SHA1 a34557dc3627d6255e5232e72445458c64ca7a79
SHA256 8e1b28cdb76b364f31847f0fe0d31415be88fa3c9b9924cc20a60a0b307b362c
SHA512 772f58fe2bd1262bfd3a2b61325c5187b2f1bd8a4df1151b9eba6ba7d30add1124196616f08d8b82b8206d89174b06674c9251737572a0b8c0b1883a0104209a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1f867ab22ec55be6c0c95bc288db82d2
SHA1 6d1d63807b4cd5d24a323c7dd6893a74403aafbe
SHA256 e08214144907460e05b9431af585139fd2536fb01f44a3548d549b5744d627d9
SHA512 42e26a35a4fc5abfe360547a0c44eb1b9be43243993fd30c5ffb605244540647ac0dd717809e6fb520437566d3a58106b52a7bca4432dc8bb916799d5c5ce997

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d917ce7f1373e008a39d6e59d1642596
SHA1 1108dec3164242b4c45d0529f884da95d391ecfb
SHA256 256d7de97b3dfcf7d6ab84878bd5180c461e48defaf945cd6f5b866cdfb2865c
SHA512 2d42cb16365ef2f65d630ca3138026efd0c83393872e2f2f75921b1fe1c4ac38669e7bbd96b0a9e1aa53c76212624895a8871f13ed9390951b6c24c12e66cce1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07be9ba368fe43eef7add9867f66bcf8
SHA1 61a6498a94cd4bc912b424beb1f553e8c9fd2879
SHA256 872fa642afac678feab3f1c95350d6cc4dbd2c7777d4b51a7832c4bb4d411696
SHA512 5bd06542e7d493e655f22793542ddad6ed6c6c1468947cd2bc55ef65f72e002e8d755fcc4e71ce1f4f3c59952a6f7efb1ec712ffc681d4c81553a56b7cd8a149

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T91158BQ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 003f7070ab7918d7c7c718df1f5808ab
SHA1 e1132d9753946f66e7e71930d047332a1c64d15e
SHA256 68f54b733a75ff1ddf280d4085a2d3435430d5bf5fef16b9a692a5c1b7256d19
SHA512 bfd4645ded86ff8de46c3c88c4ab28cfcb9c60b57636d15c60ae12b5240b51ecde5c0579d26679d9a3c89b6e251ecb01b62d68bc77213948f845d3850a14142a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 56db4ba08fd69fa534c9ea129e134ca9
SHA1 1d0e1f5d9260df10edb914f83bc45dfad1444018
SHA256 f8a293b1bd026775d4dd577bbb351d2378d2a60e14e8c6d8dabde61f7a81c80f
SHA512 b23a0068ff1e2ed7bf3924db6c9abfbf9e0087b9ed23e99a495ec9e71590e761c07072c2236a676df5b5726c99c0ec24e60453dd0a10c345005851504786d0d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4308_568680573\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4308_568680573\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7127af39d5d49805d63cad462f305df1
SHA1 f7fb7052b5b141ed5a5d62165d2a98ec6cf44768
SHA256 0f7b03e99e1345302c151e2e9d82bba45e6404b6688647a7969e1e19f66f7586
SHA512 6eb5a903796bf0591a1ef77828b19c15b79d120d09ed88b2e0d1b4205c5547e0ff9a6e56ac0a3b493189f4f4b8b43f772e0d4572e38c5b3c2ec4d6eb599bd219

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586caf.TMP

MD5 dd6d37569e0919e9568c60b93df0eab9
SHA1 c885f173988c5d6d822047cb6d56b4132842a85b
SHA256 5bcae67eb721bc1a4dcd131b75cceb54a3db3a9f690169bbe342286c8ef6bab7
SHA512 c3d9eee780aa65374be3a206802067cb143ab3858b2d022903b09ae56a5e861adfcbcd0e3ead603248e420593d65b0a18b65b731abb4b295c99cce2fc30ec992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad266ecc24ab6648e72f9ac616fb1250
SHA1 59676eba04d7bd7bcefd4311b5483ea822f4b1b2
SHA256 d338c06bf2abba091afdf264e32144056e444941f22bd9b13accab55d63bf2ac
SHA512 bf8c1e4c9a23b20b9d759194f8d239029d8ccdc67ec18dd023160e33e4ddeda16809e720dd11e4c0e8902743851ac73062009aadbbea4dc2821780b542d785f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ebd5f800f55f27f3add7650aab17d1d2
SHA1 ca77d6a22bfc9770f965d73135f8b6bdcdebd86a
SHA256 791e1fc50ff131c600095a36acdfc5e29ab2a8e0be30502501007be5728e1018
SHA512 6d675819be4f9222132ae08ee84e2c32ceac1100f2d985942c904e57b09a96eaa87e20a085a9a7bd8126f6334c6fec12184792a852944f1fe626c83cd7b2dab1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e6aace650db6d126780eecfaef54f8ff
SHA1 a02bd2485d28a3c93a27a8a23f8aada240053039
SHA256 5540193faf0f8be7d242a16a774ec90530a3a8792c1527bc28dc22ce2306f890
SHA512 d34708371e9bcaced47fd6bf0443c679e3262cc5ccbf7449a540bee7e082036f23b95c450558bb2f5ce2578442ab5124c60a458454fa161bccfa4a9289faa130

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 08c51dbee9ab12ff9a6ce8e81db2b473
SHA1 5f096b18e0b650da16bf0d7d79e97b5d5058f231
SHA256 2aa41c543db338fbf0cc99fa15c4067dc17b06b2fdc21af26eb92ad8ac73a700
SHA512 c39c9aa90a7acb16fcd66b876ba24311ae5fed8003141162689c65e40280bfff920295cd25c4de7c90116f2e2cb040e3a913f0ca56efdfd5e8b35df2f5164f08

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\prefs-1.js

MD5 b1c530c730775705034c30d070e52268
SHA1 d862e0c9ab51d7531be1eda297b09c9ea0f85de6
SHA256 ad2ce76258d4f282fa251ae8940970163f9bf65a2653bba0e8c2041813986d80
SHA512 b80d52e39c4427ac556f01ba19f83b48f71979da997ff7792b815c50c580bfd28fa27e4ff486afcf07efd9dea2b87940010e50f19ef061a82893124aa21e9706

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\prefs-1.js

MD5 9d9e124f2311cc74453bfd5f9998a390
SHA1 5e6d950700cd161d4ad4cb896e06dd82a4ec2989
SHA256 c9c2934688c8e46172e7402b334b6d9c200e70142e0d4917916016e64f7b07e1
SHA512 aede30566f798a64d3dc44d0a109526fde28184a4d4a6773f40a3d8c07ce95335f3c8a5fc4963a841737871071609c2f6038b98c17285913c66ce14a647199cb

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 75f0289e5ad7fa53f75094e582ad31d2
SHA1 c5decf8c5860909329afb11726594bbb910c5f6f
SHA256 a3bbf6bda73be165b5e99642100006145988ff102e9a1fa8874e1c9edb38848d
SHA512 2015e258a7ef8c5ee9cd4aa92734e1cf74314f9604943be8e3e352cd3e849fa1bc9651ba5a6ed3c324a11479a52a0bc5594be8f41d878a0c68accc77f2d1c84f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58bf73.TMP

MD5 2097e5d7125de3fbf5a55a6e01af6137
SHA1 5364c59d805b05cc055dc20a2bfd3a0cac75d22e
SHA256 6427fcd92fa26f74833ba2952a35c16f9bf680d30dda6c30ef6a8496e9e34fa8
SHA512 1b90053aab2c8d5a1989b1df4f1055824043cfe3784d1c2dc9ebe1558d177be105147c2e89cfb3abb6bf7fccc9decd54eaf99c55ef5310f67e05ea69fcaf4b97

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0JSMISPH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9b5f8d7c340aeb38827437b5ea9398d9
SHA1 bcebd70f6ea1b2b62624e2fb0da27e82cc654476
SHA256 40bee1d2ac871fae5abf15575af3338294e7f49fde85097ae92b528dc3fd42f2
SHA512 1ade68fe11a895723eaf08c26043ca4f370b3de4c2544030326a55d2a2fef603d0f189402539d5d056c41367fc8414e304cbfe3cb50ce9ab55a2a80188d506ec

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 8f8a7fa28cd4d79233930ff544370bf1
SHA1 827567f71b0a219a4c7965827cb6303f9b833b87
SHA256 836fd484ddb9aa183c778a030fce06c9329e28af54f8bb26cba20e520a62887b
SHA512 baac41948a6d6699270775bfec55dc287f527f20d77d605306a88e7e8270cf6ff7154ca975a307cbbd00bc6b76b633e426d149f30acb9b002825215932c12e59

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 ba4246dc7d03779d436a7e3e53a75135
SHA1 78632847ee9dea64332592eed2e2f75cf57c7d03
SHA256 c050ab79fca1a025260e5997d9a2e5168e68eaad830a7e3d9acaa1bf486fbdda
SHA512 8b71c2d842913255658332df53115543d96a6dd364b9e8f810bfc673e9a4fa1b886dc07082b3088aeee39d5d2add42361323a3ac98b6650bd5abd70d2df975d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ac9c15d4da6ff568992d6161b3b72512
SHA1 34d28a6820a3dec5030b544c09b9028736ab168a
SHA256 6490a8f29c5690e6a3dd607d80db683cf82abac496c6bf77678c484a6f92e35a
SHA512 31226bff4ead7fea41b8f29796946fc413f1b9251e382747948ac09efa419c47bc896aa6602092cecb18034f5a5a618d9dcbf5458d5c27447a65968b86dadc18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a1e43b2da6227b737e69af9a7450894c
SHA1 4b63503b80284a4e5a93fb7c63aa1f398319f600
SHA256 553fdfcd0e6e4676e1f7a5f1e0e812744a7fef7865a1902db7a71b82bae3fdcc
SHA512 25b8d4d55dd661c519db99a7194e1adee1d7ef6e8abc51920ab850e81dd758bbcd925530e0c3db0b83920b3f126df362bb0b14fad3927a40a3ebfe2d2f2f65cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a6f62a26edcf85958e7dfee29ee3738
SHA1 5dcc3c9091d9160dd1cfaa0579f60cf9363a4d26
SHA256 86b23226268819bd85760bd2dfcdae95aab5163bd2371103d5e11cf689563bcd
SHA512 c534400cfacaabc95752fac035d2ca3bc18eb6e59bedfcb2638da78dba3a3f498be3cc6c3f91487b01658faf5e1a8b530f73a068541a34f455c52ab37219d89a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 027feac2c91fc0816e5a12bf343448a4
SHA1 abcf73f91abff0dcdd54c22ff6b2be00b9049113
SHA256 e33031c0278ff5514aede7dd67335fc71474252f621b95aba613cec79a6363a1
SHA512 9ea383466a74c7c844ea9aaa95c36f42bdee99b8db4a6ff2bce63c60299afd140590bb492d3e3547753c5e3abc0d23ab4c2996aed0a257b6777c61e63768d978

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5b180ac326b4d5854e47fdd694f2dcdd
SHA1 026a39984925b0dc14b58a97c919de09e7cac6ba
SHA256 7151a9f6a72cf6b8482c750d7fb6ac51bf0cfb58f00def23c25f72b6171a41b8
SHA512 0d16fa8417897fa0d324504aa9fe5d0c3c6c1a4a7678565cda09feafdba4b8cadaa2f1b22492dc5843196885288dee953a1dac9959756cfd4ea81103a4d503d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 189d57fa2e4cf2d94cccf035078457d0
SHA1 82d9326fb4aca97cf681e24eb904a9cf62b03132
SHA256 23ae04d5160ac151326816f9d27fab155fa4c94047da4138cdb569a6fa37e8e9
SHA512 180217f41c65165989b5b28c7e3329613c8c048a5eefab72df852471d8d57d19ee47feacb3b1317da47c5fede9128ec06f5a72cb6f59165dbc0144f203e478f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eec1cda033c9078a8239b1fb70f3b1c4
SHA1 e324811d089add331d110bd7b33e819ddab3796a
SHA256 86f4668ae644bf0ad8bb6e05c4028377de2ca55957f0a647f84ab54ae39718ba
SHA512 d5636d86269f39450186f6d5b6887ff272e362a1d643e48e74a1930866484ec67f228b8db837d0c1442d796035e0ed953a1f3833064bf0b7063c49adb0227a64

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2fa9f219dc217c19a408584681629a6d
SHA1 ea8f895d977e299fa545e79f2ce833f356853014
SHA256 653af9482c6c264e7095503717bb46e21d210c1b499e22a17fde403a92ea1109
SHA512 8d460b74011e4fd91573bd59a97194a10a55214cab889fe54035e90d31da8a6baafc9491bc60f439e1ef81cb53f71fb6dbc6de62c8afab5601f9e6b7a0860ddc