Malware Analysis Report

2024-11-16 15:45

Sample ID 240220-ff4zqsbh57
Target 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2
SHA256 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2
Tags
google phishing
score
10/10

Analysis Overview

score
10/10

SHA256

5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2

Threat Level: Known bad

The file 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-20 04:49

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-20 04:49

Reported

2024-02-20 04:54

Platform

win7-20231215-en

Max time kernel

57s

Max time network

284s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40535c54b863da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D7653C1-CFAB-11EE-B36A-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D73F261-CFAB-11EE-B36A-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1072 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1072 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1072 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1072 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1660 wrote to memory of 1744 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2912 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2516 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2372 wrote to memory of 888 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1072 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1356 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1472 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 956 wrote to memory of 2064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1888 wrote to memory of 1076 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6979758,0x7fef6979768,0x7fef6979778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6979758,0x7fef6979768,0x7fef6979778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6979758,0x7fef6979768,0x7fef6979778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.0.550074403\1172972595" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d033e30-b515-4c95-9e17-768be093991a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1328 100f5058 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1372 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1076 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2204 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1192,i,11012013160558137857,18039147540654100986,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1300,i,12411153268057406879,10751390595353615655,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.1.988151757\1426658648" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9af5aa80-7841-489e-a950-0030146b171b} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1516 f2ee258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1300,i,12411153268057406879,10751390595353615655,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1192,i,11012013160558137857,18039147540654100986,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2700 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2728 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.2.1381410589\1471550542" -childID 1 -isForBrowser -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1840a74e-77d2-410f-8dbe-d81c2318d16c} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1840 1005dc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.3.1743738187\1119502991" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 2776 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75d5d967-d706-4e52-ad1a-853573821ef1} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2792 e62558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3204 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3304 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.4.2029961451\147192013" -childID 3 -isForBrowser -prefsHandle 3708 -prefMapHandle 3712 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5281b2a1-6272-4dfd-b13b-f6a48f91ddc1} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3728 2054a758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.5.753871843\809641484" -childID 4 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fe87632-d4d5-49ed-a573-4402670af618} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3848 20643858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.6.1522808290\1392400942" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1e7fc2c-5026-4368-8963-b84533cf1403} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4008 20646b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.7.2087913344\1202768317" -childID 6 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d8da18-66b7-4426-aeaf-81ad4bfc06f1} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4296 21b35c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.8.42113852\1072752111" -childID 7 -isForBrowser -prefsHandle 4308 -prefMapHandle 4312 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b13bcf8-f3a9-47df-826b-61782c2cefac} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4280 21b36e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.9.2124424217\1901964054" -parentBuildID 20221007134813 -prefsHandle 1784 -prefMapHandle 1744 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d541023a-d7c6-4e93-839c-847d44ce2f6b} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2408 1ebe5158 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.10.961795160\1464791877" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4636 -prefMapHandle 4616 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {779a4f6a-5667-4a17-8044-f714d2c365a4} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4648 e5e558 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4524 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.11.2138432741\15326704" -childID 8 -isForBrowser -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {134339d6-b7d9-47a8-b2e2-ccd6916c6cb6} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4888 2087af58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1456,i,2714668476320812223,11471263263022836920,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA512 515aa5d7e33c1ef16cc2dd6b4e9b21473d35cb3bad633c04c1460e39b71cf0e004e8ca1d6f8dca7f384fc5139235d859698d4d7d58d6f94cdfa6872cee2600b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 2f52a696f614db1e996f2db0bc242074
SHA1 7b8ab1ec5f5dd811e33c58e4823603667b4bccd1
SHA256 466efbaf33d2894a2b9e495e73d5e7662e870df02a2e9b5f4b8147984532bec6
SHA512 d8b567f6669c002dd8a6ed7618e06ba7510025e8894b54c1de0c0c42cccf05b37ab3f37dd3afe84df217434b0c3baef1bdfbcaaf29983af1e592506596563bda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_FE7F1376F45429175076B763EBF8B3E6

MD5 7531d61f52fbea4b9ec415fe19661e11
SHA1 39da6b0d64aab0c526cc37c827a0b297e8c33d3d
SHA256 b9fea3c95c36df78cd7944bb2e83448122b1efe84ff68b6b5522a49ac8bb485d
SHA512 809b61e522c03a3f4b6bcd151f91d6c3216597ebff91542e7825d659404695b1a37910c338cab6afea8113f40390ecad684824a4a7d3aa0ac692f2fc3d390df5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 ef3d25ed3701c812aa4e33bca92710a1
SHA1 3febef6334c29ffabf0269432aa1fc13d3b707ce
SHA256 49117be07741df0943f999579520c0fcd5c0fc7135331f20e69722841e5fe9f2
SHA512 7850955170718e68112bdc5f2f9f4a28c099eb3a39609a34ee86ae59753fe38eb2bafec9027877baca02d847da136b018033987d571b7119473cd0e1a53c0af8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 921f865987498981b8799e3358c955aa
SHA1 d1540581fb09f69737b8f44f5f04a61985bf204e
SHA256 4344e0bc60beaea2b418018735c4bc61b3beb595d361994faaa761886b1c42e0
SHA512 eeef99b2bec587a19a76c161135237e37ff976da103e536c1991093047bf7487fe81a211fe0001b2406f8d32be92cae39a9d5f4bf39ce9f9b151d0da8c1b602c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\db\data.safe.bin

MD5 8caa05b0848ca231fef5f777235e03ab
SHA1 58bf34ac426b51774b73e8fbc75de1ac1fc04ce5
SHA256 169b97daa06e2680ef2a0745f6a2984b50873d43ce90192e58ca6170d1e3e48e
SHA512 021ddea475677ad662fc336bfbc3a72a935713150c6f1908e260bd1c078388789c14902fd3e1c445a3fbf090469cb5aad03f2506b0f3f6761bcb8073171c5f74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 8a9febce6956635e8e57417e8d6a57bc
SHA1 0b35fb18b713b949365946a0245949db1c2b9ec4
SHA256 2a421908a3d46f6086dc8c916d096dd7a3947cb72f854fdc67cf3b1fedfe4ce6
SHA512 5ad853fc2c384f946144e0517d479b6c805121e9cf8754d27180159d937774b9ce403fdf7343613df714c3b45cb782869381f1057f57efaa957baeaff36bd4aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 b2cfce8c4666e9aa1bd91aa0b36ac078
SHA1 c70ad885676d9d65eacc2f0902ec838fcf1f7f68
SHA256 93bbaf3d4de6409823adc04e511ef8dbfe4d4be53f86975199de294c26f20c08
SHA512 0a2eadf3c8763df121e1f79c841c94051f80adbf9407369a2c05a408c30e313edc14a0d4cc9c06214da1a0803cfe125e1bd229e94f1de74d569526f029772937

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\db\data.safe.bin

MD5 a4bc866b687af3deac263b152913e5bc
SHA1 0a093ef3820dec3577f1925d13b1a23d863b0b42
SHA256 fc59879af8e00ed7b88fdc1908032eab2255cc56074eab7b289bb8189a99ccd2
SHA512 51d985d5ca08ae74e445997e28914edc2adafd15e79d6d4afcec8efcac40045578471307cc30f33db8783eef794434f6d3f6d05632a853240553c5cc95ad79f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\pending_pings\3e7dcfce-31f1-4b79-9bc3-d1615dcc5234

MD5 73ae4c235b731803a3b490bbd2b3367c
SHA1 7bd7b284d5d02ef4ec16248b0ba8aea9da5172ce
SHA256 9dae994369b28e14e9059ec970eed8efe94c31a7bd2bb09d7db2b4343d5071e1
SHA512 f2a7d0a475692cd3f34eae21b130f587ae974eca111ededc3b5588ede91c6ec05ddae9562a027be3e36948fdc686724d63b12e27c72234eb411166a243f2f41f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\pending_pings\07ac6419-488a-4b17-9e4d-d76b11b3420c

MD5 f0d8d1afa7881fb1b515cda62860a3b9
SHA1 fb33c07d985f8d0846e9e75ecb0818e6754bed64
SHA256 3110aef208bf4eb43380e687f988f67cc0d6e00fd043b6c141f30effdfddcf18
SHA512 de86bf68b29b1229a9a2fa86b720f312dca1a0b35162e2b5a92583e4f10a4a2d8f3bb349457ad429ae03971e3d35d7eee893a50b397ce3bc3332b2c4ae7bb8cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 85aaa97ff9ff96f9a8b1584d83712cdb
SHA1 ce4ad8715360c73c1e9cd49f2850f97cd324e1cc
SHA256 26389cf79caf5b9898ef45149ffbfab2cedc60ef9b3321d876fb0fcbb5f62167
SHA512 adda931ce814f3516b60f99a79182de666ed29e4f499469b4aef7806b6efb06f815aa263f04730ce8c96e26e507593171abb3d8f7bff99f41bcb5a99bfd65108

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

MD5 03d3dd63659d2b90c739f476e94b24ea
SHA1 e3cf3ea4124b633390cee2c7f55d54ff5f623a9a
SHA256 1e77e1f39c147804c9adbb1587318dda63ba77981f23f5e82149de869119ecfa
SHA512 a28aa797a51c166cafa6a20fcad9b986c1ef801e3734c33281f283dbf0689ebbfb192b6403aa54dabffa2b631d3614303c5fc44c4ebee5169a197e2e161b7426

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 85018b633358e7d9fbcb23db4f4d66b8
SHA1 393f86dc8836138aef7328722b54945c15f0d45b
SHA256 c366c7cf881d751fda355be096872be62b74106dad7b43f108b44431d24307a9
SHA512 5cf8ec5df1ca6b02ca27928c15ee5bf4f3aeee458ecd6000dcd87d5bb65f8360b314c79813ae481532ab58c7352f5f44f6e7fff8c9d3848537b48f33f1caaaea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 187e994ffdce2b2017574bdaa5d8feb7
SHA1 206797f20676f5807fd2942afab30c34a38be41a
SHA256 8ca7c640625d7980f4bc0da8c12340ba708827c9d43e7ca38c21604f3aeb1e4e
SHA512 ee875223673e218f5c6d1a634c231b3780f78a9d47dbdd8830ad3ac565ca91cdf310dee123fc64f3ade63c97feaf6f0fc985b81a88b1c09fcba3ac013c84a4e6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 79d9abf53a0932b82a545b77ff8a089f
SHA1 7d64df0627404dc0ac27357f6cd175a01a9b17b9
SHA256 9a2c9805a986725ef862736366f4cad7bc67bfd0174959e0dfd3ad54cb15399b
SHA512 627f937132934fce9986daec40f59e75101ece9185bef1536a3bcf9af47a0efcbb030b3aa62870a4bffc584a8925ce610c0c2087244351cae65043b17401de01

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 310ebac972c0bb5bf15b5ad15fa60f90
SHA1 cfa4a39913291db2acd3a93d27bb3bb80782cc33
SHA256 c3fc9cdf738f9422d46dc8a8da09f1baca95ad09340822ca54653f432daac246
SHA512 85459a88b5f5b43a151dbf0ec31d4f48a9d679e3c58489348e50d535e825a972c655e1ac6ee092757dafe58e3952756d3506a4fd1148ab487f1b514c9d201e1c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 33126ba8e756f56755be479d6f16afe5
SHA1 ad68cfd3512e6c63e747c68c60a4d0068c2e11ca
SHA256 3edef554676c8cd100137043de25051e4c94112e3654e1222ea6b51fc3d778f4
SHA512 ebf99223d6f20d110d93b36ff2dc18fed55796d8ecec5ccffa68987d0f59b33813b95970e03668c3896657e9d166073c4cea2dc0e473a47e68a359220f511a39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76f0e4.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d83f7a0b99e8ad17b12154cbbbc68597
SHA1 f9d6efb4baf1209ea80aa8c5c752902c82a0328c
SHA256 175424395c3efaab57a3ad6f9f9facc233bad933bd2303a0563fe00fb89dddd3
SHA512 39a092cd42612967478a2d6da64e39adb8b0762ddde98184670da02a7d3f70f8c47b11c8e6b50ba95fcc99abb6f5834e81f620be4f20b6d3de5b9fe0a84f551d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{bdafe0fc-6237-4b4f-aa5a-21564d70dd7a}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\idb\1360401824yCt7-%iCt7-%r5e7sbp0o.sqlite

MD5 c2a962a5e1448b235e87705355673b45
SHA1 257f2dd98154d7ae116fd3126375f0d3b95dfb45
SHA256 fb25d2842e6ae0c715d896b0303d434d7988c50f0e9da107b356213647764cc0
SHA512 bfe23f105167e9d5a078c1792f3a6a5b665a3ebbd6c9e4cf5e7e974bf4df28f0ce3e24d1681ca499ec9fd6e797cbad8a72f9d6d0e32f66e0a468afeb92e3daec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 160cba0fba7bbd3589bdd3da01157865
SHA1 1c4032596d711d0a36a33e3ed73a1b666c55d158
SHA256 d7da34b52d85f6c3dda7d229c72abec14f4c575b36558acd73c8a4fcc7a418eb
SHA512 6942f9c04fc6420287b0f5cb46f890f641f2424e95100c9c05662a7eb3a45257619ec29c42b06136baf65cfc737ed769b5c14f528d516848eaebefbb6218c871

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84220daf9d7b263700d80aebfb7cb19e
SHA1 e718670339e98ce709557a39f0ae132f3688af5b
SHA256 b36004a3bd732ec02086849b19c152cfdba68652b3fc4f61f728208f09783b36
SHA512 2953a7f07d1136ae1e7857964af056e76d7c8f8508adcb7e44abd80a9ab92c3d892a03a085f5928acbaa3cd1abba139b74ad6dc8c5f90ed35863f3b85a3b26cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

MD5 cb7b01d6945be3d59173913d157412b1
SHA1 e607df2fa4c780d3bc0e67f807803e2307514aae
SHA256 722ec13f99635c28caa4fac6bf481bb7185c5d7d14a1fed57ceef6c6c6ba2b9e
SHA512 2d67e3d4288107a6105d04fc0a11571f7059742f1e86bcf5e0370f6251a156e28dae7245e110e2a0f4bdde7bbb195a05f8ca69f5d9d35c0248bb2067914c9c28

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\cache\morgue\104\{0c384b26-4133-401b-b685-800a798a5868}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\cache\morgue\16\{4917d9e4-51c7-4798-ba28-f3d66b953110}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6a5fe413a9c49423337c092659eb4140
SHA1 5c2ff1cee9d78b73229730cf0775fa1c2edc51f8
SHA256 10b33d2f0725d0d685bd64619ffb45dc1942a20016407c518851243a7840992b
SHA512 6c05aa5886e252408ba9ea1eea7800114bada9041f8dbed5eabdf817240a9086921969301d2bcc8d6613faaec1226d64eeeac805f5201c697e84a86e9085484f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fa010cf34151394a0972ef23f09be28
SHA1 3b7b701706aac7877e1320e5780611caa9d97009
SHA256 de5416144e1a595c5ef8ec57589fc82919d61ebe1abdf50d449f13c1e5d89e11
SHA512 95c97c76f2e8eaf817b6606ac3ea9009222edd19e3e0692e9e2a974a17856a97e03521aae73cee8aed5272648eaa4afe1b76a7cf192d92cd30eda361271dcdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 87ddc2f7b38a7daf898d43149d856d44
SHA1 bf514a5af52697e1c57a505449798e954065eed4
SHA256 f46a6093a60657302ba5497ffcb699fdd7c226c3ebe9cb45d327eb187e3f0eae
SHA512 e002e2febbc569f1bbfc17343e16b5f0896ccb86556ef4f97050c2e1fa74dd6daf690355f5246dcaf57c903837b94f6ca1e9223c75f58581819831bb84361624

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 796afccab5629dfe1427590c5f213a21
SHA1 be105f56e1ef141b6efa4e82865801cc67151f8c
SHA256 d4768c7d107d35b9bf3f9f29ad996a6e80944f6cd0f24c15c80bd3619a8bfe5a
SHA512 dd2d97c978555b3c200d9351bbbd16d2b3c05b3fe09575f63e106675b2be0b919a87cb7d69d8ecd085e226b98cde5ef8305f3d6554816d355d7e35faf1e3b20e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93ff0d0ea2a213c96e4f7bfccbb3a1d8
SHA1 eb32a3dbaaf86e624e3f4cc9dd9b8b405c4e7953
SHA256 b8db9ac6b697a0f038815c1602e53ee25ad604baa365d85fc84763285516ff4e
SHA512 9c3663d3ab33faa23fe7d830aee2e756799710a443975434fd00311ac71710c2c62ee8702bcb9ddac7855fd031c4f3dc7751b9f6afa170e4e95c47fc11e2cf95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e95729cfeb0088fe62aa9348b0c2cb9
SHA1 867a11fb9a4f72e8656359e1414c605815afde82
SHA256 0283d46af1219480eadce37c858e645245ddae2ef8cfe49848af9de8416bf770
SHA512 db117e7dc65df3234998ef43a19baf9a75f0464def8a9435a32a878ab3a517d63db863bd1af9201f2e36ec1dd123adeeab470c09b36897c75fc837cc5c33faa4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b52b6ce06123ea085993caa621d18fa
SHA1 a28b9833bf27ea8ef783ccd48a52fd31a1aadc4d
SHA256 2174cc882be1650ac93ced326bd46913e212867953963ab1d1543924484ecc9e
SHA512 4cd31471f4039b3cae035611cdb681d7fd2a437a08869147b7a1d00da76ba1d4f8b22ffc6964996fec87e21c2c7f041ca2b917468d8eebaf6a745925cf9a3aba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4c44a08ed4fc318c82dfc62149c23cb
SHA1 d036615e82e2ec0bf8dcc112067e4f5680c5e67b
SHA256 8793e08a0d8aaf8693df19a79e8854f4785e439d601e54e13262e2e2b00444f7
SHA512 e821cb37a069a0a45ef1f8b7cee59be6cb0d0842f0721ba9f302e9fee656e2e66b92f8cb9c059dcc320204d193cb3d7e920f07b43d5c3b04b47b24db2ebbc414

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75c76bff63a7058203a6da6402cf45e9
SHA1 f961af60a94292999af11a511d39b43de8e2b64e
SHA256 059688b4e3c0958de51b9218ce975826fb0b425199fc5f0160f976270e5fe522
SHA512 b8d969b33a9c7114a06ba390c33eb4828741b3187e3c4899e78e4c83f9a9e4d29a1d6f38b7bbe97d1d357d9b62573fa7436c77efc0b37de6523fdb1b9a26379b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1c9e00bb6225d7da9303f1388b37e132
SHA1 4b85191588528dffc8a58775e73488844bd93c10
SHA256 8da682b80608a80ca1bbf7ef739b886fef369e4318fafd912f92a251999586e2
SHA512 785bb720964954506afe5c2c64a35c90e475940677b6b358b50d9b54554139a4abf7a21b201432c8cfb7b23a1526b2591603ac8a731df81b0ec1c5ea0139b720

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5323288c9337b4e47fb2f84a2dbab6c7
SHA1 a03f9c72ab6dc1207928bab02b5ce86b1bc001f8
SHA256 47c2ab0a03cf5040e4b56909d1ed56ec88f5a78ebc1a3550ca9e590340ee3e9b
SHA512 2a9a35d86b5d16fc0e4425b60600c756ade4a421614dea79ba4ed2d6f281953e7a56cf66a5fa5348bbedc9adfd3e8b37095ae4642a101755e26ae64ce8c9358c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87db0acb1ff2f2df29127cfd9d993fe3
SHA1 2e1cff14a1d846cf84eef10a19c20e94f34ad9f4
SHA256 fa0b222afc2b9d10f380b949337a2a23a6ad4831d5740a8dea7dfab931302f9f
SHA512 daa75758f9be1b6da7da6ba502f77714e3305f5070ac64dd7c4eeca710e6be16487f3dcb55e9f129a88609a5530f1b55bc7ca0c259fbdb0a2a4356045c1a7261

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7095bb243f5369d29cce4edfe60ac8d
SHA1 c674af6ae31845ab67ec5c5681fa8ace02960d0f
SHA256 9386e9990f2d04a28445f79165cb2abbc3e1ae0964a48d57b0ed88ed9c77b1fd
SHA512 fd164e314e711497fd1d81d5c479f408c151386d47c68b085ea2b20332479c43849857f0ac39dd7575f290e3682dac9e35dd00b71bc3b77d73096b14bb83cb2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 58b0eae5a478ae99670fe97dd806a0fa
SHA1 6d704e173168a08e9d374b8e8fbab76abff36ed8
SHA256 0985e1e9131917347ec8b520d955113be4f91a313e7cfee4be3719cba8e47fcf
SHA512 6e94d0bbdf8f0e49a9f279accb0d2a54e0abdbd685ef4d0948c823fa2dcd1dca9b2b91eb635f25aaf191b3986857a341904d454ff7eb07f18c5575aac52ad5fa

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

MD5 9d1177bc8cc98ce01d24ce9b6316ef30
SHA1 0466c56d89015363444384003ad5f27ebc3341ef
SHA256 5f1c355ffd36cd7cb363839c082ab8abfd2bfdb38e93bf76762f9435f805ba3e
SHA512 8fab77eecbff9ee90de9525bc9f2dd694d2d265775ec19c939d07a39bac0f800404a102289e44a569d82b3319548e8d9059a39ac87c09514d9775093f63d3bcc

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 658bd9f255c00f5f7e266b43d0393767
SHA1 6a6231bf17c54c93920952c3fe9431b3c12254d0
SHA256 3feddec39e33b7ca0b38827e8c3014eb5e50189d71cc8642500316a4feab67af
SHA512 d5b28c2037eec61fc4a7f4bd1f0a126bbfac6dfe9d7121a9ce9897948347ef6a861071b671d6d80a00e614c15faafeb97d0072139adb89535b4039619bf244f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5c460cdc-da71-478a-8217-bb2715abb4c9.tmp

MD5 f462922406ff7e4083e7c316c7de1fd4
SHA1 f55c055f4cd762be7e622f8f3bee4d81b0644c69
SHA256 23edb591d7b01e9c56eddb000f3ba47ace668f79693f682c33da9390100af616
SHA512 55ec905d1e1ccc8adbf5d86135d048407567d348f95039218821a5a3e0bde9f102e32d2fd893c14f025de2690a2971c255ff4820d4b6e153f5a45b7981a047af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df59c5d641eec6d8655d85a8dacebc20
SHA1 fcd56e5dae94b78120ab987c78765a7dbccdcbaa
SHA256 23f55bb1db3fd594c473ec4a0454bedb266c0a54c1d47945a4422bdcbc124a4a
SHA512 d54779b72dc7c67103c422bbd778927fa58a04f06c057f310483b5a6ee2b95328ba971b6b0dbfbfa58d2f22b342a98528c50d1c7154633cdc42ed0a2895a72b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8bc30398ca32c25d44fd6b42d726599
SHA1 3c26b3ff69f70328aeaf627de4d9b7ac306ac72c
SHA256 9b26a9eca2ff82c719d2940550f0c86b1c9f09f3c7cccdb1553392f0986713de
SHA512 e8c4b234dfef006ea1a8226a006e15446b7e3cb21ae17f218e3cbe7b0c4353687f4f3ac4dfdcfc55e8a947225e96f6904eb5cc85ff01074e1ea4713b6b495e2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8a32f14f457e98683d8a9101f2c38aa4
SHA1 5755bb8f7021c4e1c44673e44bd802bfbf0c5613
SHA256 0dcc1d62640ef749879712a544329452616afcbc14f13e0d281702195d62475c
SHA512 01a173d554336843a149d6feb6428b4bf47db41013308ca0ba98eda01a1fa1aa0e50bb9c2759a9100d76577aca48e4fc4de5988ccaf930635d6217f3d74fb6c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 94048437ab8a71c17d51539214dec5bc
SHA1 f72957a08ffa9430ac076797fc9b55b30ccb3b65
SHA256 2e25336d13699f8bf8438787268ebfb29600a230633e33322a1dfb1245c90d86
SHA512 7f8b9f503564f5cb07ca5ca4a752c1168c22b60f036b3af5bdaa82e77f099dce106e9b67267886121a61ce33e7be27ace46380ee298e79fa6d087712d187aad7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c02654ff429cc0c56569527302a7495b
SHA1 dcba54bf866bc3b16e03213217dd7fd14a003d88
SHA256 1aaf5a5ec353c095197d91b7c1cf4f63b83730e57d8176ea6c84ae6df36bd585
SHA512 cde7b3eddc74a81878c6c29702c14f01f37debc34a43eecd005d805c6ac26e8ee18acca9d4bfdc5f59454a4bec77aee7c84a7cc0e561ee1a173f9c7544bb88b7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 15bedb2a28e840d382830b53fff42054
SHA1 18cecd272128f9108554d6939bc114f302c04303
SHA256 e0353dbd8272300fbc7f00c08a59334f1b85eb1c702b1a00491dacdf07c97094
SHA512 38a9e2914ac16fc6f3a166afcbbb8db62162e212309c13fb59c554c2d55a96fa40479ae29f0ed4f98574569154ebcda245672fb3557bd8c1eb1dd845d9ab1d6d

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-20 04:49

Reported

2024-02-20 04:54

Platform

win10-20240214-en

Max time kernel

299s

Max time network

295s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528784025827928" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubdo = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "415185617" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 104cf6a5ea63da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0fa7d56b863da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 62c22641b863da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3512 wrote to memory of 1072 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3512 wrote to memory of 4024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3512 wrote to memory of 4980 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3512 wrote to memory of 5840 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1704 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1704 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4884 wrote to memory of 5124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 5144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1704 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1704 wrote to memory of 5188 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2344 wrote to memory of 5180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1704 wrote to memory of 5284 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5188 wrote to memory of 3604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1704 wrote to memory of 5260 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5260 wrote to memory of 4564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffca5a59758,0x7ffca5a59768,0x7ffca5a59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa8,0xd4,0x7ffca5a59758,0x7ffca5a59768,0x7ffca5a59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca5a59758,0x7ffca5a59768,0x7ffca5a59778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.0.736375370\668063795" -parentBuildID 20221007134813 -prefsHandle 1624 -prefMapHandle 1596 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d6625f4-95c7-43fc-96a1-8d83f851a8a1} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 1804 28463bd8258 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.1.1277226179\1367674367" -parentBuildID 20221007134813 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25aadb45-2f48-4a23-ac34-d9060dffb938} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 2224 284517e0258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1988 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.2.702326905\1492669230" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2724 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d597420f-ff58-420f-a105-0196617d5141} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 2720 28463b5e258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.3.1369187271\286873046" -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34d63de2-7672-4ff1-b0ac-2118868142c0} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 3608 28451762b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3928 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1812,i,10600364692717454533,12810570906785866872,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1812,i,10600364692717454533,12810570906785866872,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4112 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1856,i,6868379746352672774,259848883671360505,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1856,i,6868379746352672774,259848883671360505,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4072 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2904 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.4.785896976\1758784695" -childID 3 -isForBrowser -prefsHandle 4728 -prefMapHandle 4724 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb8d7b33-7e4d-459e-911c-63afa4f32457} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 4360 28451730558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.5.1842142993\525522287" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4824 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5e6ac53-d1fe-4c5f-a3bb-5fb04c20e19b} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 4816 2846a3a5758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.6.1153708671\551879113" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5232 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85cdcb5e-23d2-4632-a86f-56cb480538d2} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 4364 2846aec4658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.8.257882434\712495132" -childID 7 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {951788b1-c008-4619-a293-43c4e1df0ff9} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 5560 2846aec3758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.7.274895624\202867153" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c64bc78-7a92-4861-969d-863bdca3b839} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 5364 2846aec3158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.9.1452206034\1324857437" -parentBuildID 20221007134813 -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee6bb19-9788-4b2c-8bc5-a25f3f495809} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 5876 2846ac79758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.10.552362599\756371188" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5892 -prefMapHandle 5904 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {527ee053-cd6b-48a9-8cf9-410f51434b5a} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 5964 2846ac7bb58 utility

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5284.11.1330528971\2080325609" -childID 8 -isForBrowser -prefsHandle 6348 -prefMapHandle 6312 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {072cf67c-e84a-419d-8b31-06900e6c3097} 5284 "\\.\pipe\gecko-crash-server-pipe.5284" 6356 2846ae6e158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1628,i,18108350031681336662,15683264500152245804,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA512 3930ce3022c888defda3c4ed726dbb12e62731470e92a65cbac62a4a9c5c03f5ef801c392e32db80d63439a3ee1297ad7e8cf47426b72f10bff646de964e5d47

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\61V1YNJ5\rs=AGKMywFmFK9jjLIxwwWN4pEJoCiBPHkrmQ[1].css

MD5 b1add40dbb90d19394fcefa39a650455
SHA1 8f4805ed5e9e06ec62002db336ca3003d319134f
SHA256 0b587f06d466386e1c9588efdf7aa495241b871e0b64a1044874d3733f9632f3
SHA512 1d5cbff7795832ed4274bc4a5af4b52b423b6a7d28ae8b47f040f0f78dc50f01f5d7ff7eb454003468176a25228d5fb69bc1b246b984577a8c14e6b8e887a224

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\61V1YNJ5\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\61V1YNJ5\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 9a465ca8426f425e92da2cf55be11670
SHA1 9e445ef0175214fd1f110330efd87730fde6a1bb
SHA256 2ec9dca7f9c8cbbd1223fae894c138f92b60fb8e84c74894d73555df8e480fb8
SHA512 b77666f520880fdcf3aa043bb0fd92eaca5f75dc39a6f7e451104cf8822d8d668134d1f35b2dbfadd2fb6057b295e833e38a240f669117c933e4a019cde8df14

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 7ae7c22a0bb3bdf632866e915673e1f8
SHA1 d9dbc916192c1fb8f8fc0801a3e47606e7ac5260
SHA256 28fab34b3e21b497bf96017f79520fc2eb16be643b1a4f4d0733daac098c71da
SHA512 1d0f1d37ca5b810e1b078b28e7b2d47e4ddc4fcac3ebc5deca12d841305840814e893cf91a73c534b5fa8c51d48035e106d944752a1df5c91621ed6ed2414ddd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBOAJGY7\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4M1M8MD\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBOAJGY7\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\61V1YNJ5\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBOAJGY7\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5RFG5WJA\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5RFG5WJA\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 b74001b1e403f8b746fd1a26e1ec29d8
SHA1 681095d1d455bd73c9c2ef124d522f8b48a42983
SHA256 aac08ed92a096ec770c2ce1c48211ae9d3f944484e03d51681d7942c047e89bc
SHA512 f6934dbf9c49713901837a866c92b99a2aa9668790ead31d4c474673068a0ed5bc1080ed5154c37bcf8cd661a3a7fba804793d20f40f10c83da2efdbac6bb3b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 438eae2681f1348078b057951b646c1b
SHA1 a279806dcd4374545bb7217f7ae2fe3e15211fbc
SHA256 5659837ae3c189ec9500b6b247c2aa561d4afb495c80e9c8ad031097ac573e65
SHA512 15e6df73432b184a278622dd6d48f3740bd89a6943ed9d03c67857360f2ec4dc4cb9efe61e15d9513bf410550d157715c78b465c6ec1e35a5d68baacb01fcf0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 619fdc2328e67deac8ca4d5b0df16a47
SHA1 a08cb7b2e88d5bc190b19dc013170fe0ef63f3d5
SHA256 2b55020d6debd870ce1246fa2fa07a80a5043e0b52d0ba303a2b6f9b0b21eced
SHA512 d6f50fae37635b5c012e0d56489615d15bf17c0805bff1fe7a0068a5e8e0009cf845fffa451d377f6e9bf2ca34b6b75bd0bf43b0c24807008b109a2d19dd5f9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 57db42345255dfefeb2f79cfc2c8d29e
SHA1 e4b1e600f3bb319ce04b64439c6a20f3d67c403f
SHA256 e2e29c75aee1d336d42b835983dfc9c318cfd953a6e26460b3840d437915d667
SHA512 3bd0cb88c1196d6d574c1a74ec89a219d3a5093b43ef696e398ebc5eff25e18e20072650b404c8e2635278bb55a80e444994474d8c3309dfb9d6c389ee5f450f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aab6212cd8569eea4c3a0afef528d215
SHA1 cec7e802b501e2c01c4923647ad3130f26ae34c0
SHA256 f8e168d6aa4b71cb13d98a870209eb0529e9dc29dbf4149d5b2925f163cb7b5c
SHA512 169bc56925a7e1c25d53f9a328cec45f882c2a68bae459835d4ce1c801041062ec9dc0ec4c4c86796005464209c9735c6fdac6fcbb9ece44d41f45dd433d4fe9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\datareporting\glean\db\data.safe.bin

MD5 ff85ece0fa754882a30957c8d4725808
SHA1 bdd28da63100a3c02d09a76b4f408d8f3a338ce1
SHA256 22a9a9a04aae36007fa24ac57d6f48cee82a9326363060e0db6ed43dda8d1ca5
SHA512 db876b0ac6f8d25515839a50f8a7d43acfd38ca018e0e7faf1b36d592aecbaff68c474949dcf01df8bc64559314e7e41161f24c6620f1bdea9d2b9647cd90ea0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\datareporting\glean\pending_pings\b5c6c644-25b1-4ff1-b237-521f7bbe4313

MD5 cb86e16e7dc175c6f115ab106dd658fb
SHA1 d68292be9ba7051b7ebd04384ae5f1f6791d977d
SHA256 e198929e75bf5938a30fc0286328ee71bb73ff09104d0047b650d6580b51a5a7
SHA512 fdc5389f873e2aa9323220107f960c1517bbce9e6770fb202f2690bd1f35dbf5cf1c2b3d97990038ad2acfbc1473f5d02a4931c8565a6e59e77abdd4b1e87ed6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\datareporting\glean\pending_pings\1c44524a-df99-4678-8f2a-0756c4b7aeec

MD5 c70f7bda74867654683fe0129350c9dd
SHA1 d2f22096493cd712cc4cc19a491e39c4d1788987
SHA256 e4b10b7667901335caf5001ded9c4e122b99ab60e339e53ff0cdda25976ae4d8
SHA512 5d6528dc9a04fd27a83ae094d9f35e5d27c63284547d5f3276e885ee8adaadd36712f8c6133d9dba82f17393b84ad5ef60a537d262a665d9dd0c7b66e9c9054a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs.js

MD5 0d62f13519da90fdc804809124c8c2b1
SHA1 a314d5a7949aa29619285603a77b9ba2025c9781
SHA256 f6724f946ca17888f61473e8304f1613ec936a13517d1714bd4603c499f1bea9
SHA512 0f6ed3813f5d4db51f1f718be25f9ee5d3e87e46593a5c175dcb18198e1ccdcd38dd0bcb1827eceb69e2f0354ca84af6b24f70ebe2ad5e303f1ff31440b0c993

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs-1.js

MD5 c4c61346199349d1c4cdcc11663c06e1
SHA1 7410cd977c9e2b508f501987d9953edcc2c7ecba
SHA256 30c25d8cf83ab3858513963132c4370f96b0b9a8ab23e68c3b3d0e199e4bdd42
SHA512 5ece100beaf8e3bd0306cb3565b978ed2d19f06299663d5c567a78c78697df9fd487b1e4fe7088e6952d04dd7d8cde77e4563d759e9cb015c60fa02e8d1fedfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4580_715426592\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 c62bdecccdb947e8802c0ffbe6d32758
SHA1 160a58794899c2390a3110c704c7d5045128261b
SHA256 e39c995faf43859cc934006381bb9cfd1cd1f2bb8528a8d907ff3ddce75c486a
SHA512 e9104e73d10f739825183d8a3a836627f9610aa8307deb4ef07a5bfcf88a6fb561e859fe1f9aef0a279f387fcaf5c604b9a8c008848af0a7939fff5702a49035

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 03739fc0c90e992ba6cdcfb5c6a754dc
SHA1 7513134faf91fa66dee6a8d000210b2772b2c714
SHA256 094d668ea3da603a8da6744f1fc0052ec9f841a6e1359562bc2584f447c39076
SHA512 34128ea0b24a9a9ddaa10f7c8051a0f1e7469ba40267c8c4f222a5a756d3b2a710b26a760945645f65a3e7eb992e7d83987220d92e6b9b9e002babd16e5c4fd9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\sessionstore-backups\recovery.jsonlz4

MD5 051132d60550814ba85be9300aa129e2
SHA1 849872e298dcceb75d5d6f0f18ce60f81fa230d0
SHA256 e438ae28b6b30dd13e7654da5c64a474bc9ffa1e3e757e05f2ff3b3fe8f97c16
SHA512 605c2911846e112940183f84fe1f1a349448c6d911e38c46c5d6eb59a16463d5e5d9915194f996f653d3418b8132461454ae93157c547ab8fb40e6361d90f591

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs.js

MD5 6908b529e1ba1241a849d7414cd3b347
SHA1 6b1e86e72eeb36afa42f7f340b867ea3039d0986
SHA256 9bcbc234b5cb82cad25614055f41bb922f40a44b9d4c4a3df6f13c8896955125
SHA512 28601666b216e8d39542dd93ea92b3745becf7f32fc51d2f18f20e75eb17e1c329d5b1a88a06db0072d9f055f7e8a1d793d3030f1826393613d3a178816b0919

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 948cbabf970665594a130477490b6124
SHA1 5d84524efced9242f044cb14e7f14530d9dacb27
SHA256 8a6ce0def0f0d1e4248446b81dd779a80780f6595b7decf376ac598e4870de41
SHA512 a1c34e947fd43f176705c139cd8175a97514f24dce1b4a0228dca6e3b1ec93a39376f3b588d052086c65bc068edb89522d4ecc9fbdb930ce95e8b1daef748c13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581bc0.TMP

MD5 dbe771c9bb6f8893ce53b9642cfb813f
SHA1 70444a2a32f259c2a6c1b0aba35586be79be65a3
SHA256 4cf68edfedbe941b449efd49d4d3808898afd0e6e3e4f9ca3def7cad1a202394
SHA512 32878f364ea493d5b4884bbc91ef8ce694a78b11e705259ebeff363926987f85d545504cd7452711a005e473277b4ffc878b0642836def3b94a884b367c5e0c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ebcbbc83c16eb448ca048e3fa760c07f
SHA1 f49a9d665aa329cf2e83b71a24990881e84223e1
SHA256 e754c50dad4b78343b4e7d5f72ffb7723070fead4abaf098cf147807a1f128ec
SHA512 6f979ce417d8490379ae3bc9fd08d38bf302a050b7c841175b98199faccf168d75b4a578047927578c4aab7ec3a32fe9d4b881ec8bcc6c4372765fb18b861ddf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c9f8c6412f1a624abe6bd2fb7f4898f6
SHA1 20c0d7e8524e7aa4584b5a5b39b0c36892d5f70b
SHA256 163d93f48f1241f44763461bce8d493300aad9769615b5a9a6430654b32590c0
SHA512 4f954fec6780829f7189df4f76cc5d23ad3e9726448899bf4f8fe259094c31c3f226f3269c181352867a9a8bc7fd78420cb5d5467e28daddf017f0c8a32fd2fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad054b83d73a9a1f8631d8334b52006b
SHA1 744a4aadb8250e395b2d6425cb13de572b158e85
SHA256 68ff3d408ad7de165034700bb4246e18463cd85f0cc687c04380653b6be8dcbe
SHA512 ce12b7481c40d214adfb159b57061ef713e8e8c23c19cfb3f432e47001632dcf2f65bb3e9f6d5b488b48bbf3ba8fed22982950c31fe654c36239a22a8594619b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3MEJIBA7\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c67a7eefa3437409d70c70a9d7886c93
SHA1 75e4140a97df6f616ca44735493e28e3a3f8a896
SHA256 9b72e66594c18410531f595ed5d4f6b1b698141fcc6835407c719d7d00adae3b
SHA512 7bdf34a3da44a94695686e982d90cc6aeb013f4a4c272a63fd7ce00a233e73a1c93d69c576e409361c0a9fc4323118ba2338a62366e79ce6d4791e018c712caf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\95AD6E56261A141CFC4756C51476B6ABB38F052C

MD5 317c08485215476b646595330f854ec5
SHA1 85e5e82eb01b4c1b7c8d810893046eeb742aeceb
SHA256 4533a028591349fa0904c9b82d17a3c4ac946ac01f198d6a64a00b4a25d9d7a1
SHA512 fae8829b71353ef9191c995eba2d4aa2e01bbf31c05357250a285f90351c69adcda64fa8923733fad4cd4acf7be6538c5d5a2c8c42e913f05566c6a175f7249b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\6E6A073EB75E328E983A569FF6D21FB1EE78DF8D

MD5 b86a8b9455b20ffa1655ca5254060566
SHA1 769efaa980fce7a53e5723621259e76b7edad5b7
SHA256 579e04485af1b6aa58e9132fc84c5a7ab8ffb895609a14a5a47135f496c7e20c
SHA512 0977fb463a52b12761bbede75ef7c04341d3c65627456f529f353f6d7416d6098687578427f9e7502628c9c0e9c76631deac147cd7982a37d50fb211ea18d8d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\storage\default\https+++www.youtube.com\cache\morgue\32\{28f173b7-c601-4656-853f-12e2b4c26d20}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\storage\default\https+++www.youtube.com\idb\876707654yCt7-%iCt7-%r4e3s8p7o.sqlite

MD5 1d90295bfa350f3c91da7124cc70f795
SHA1 7ee8dd579b871be7ee0a741f6507e753de639956
SHA256 f674a13caa062906fd32dfcedb59be402c78aa31e6ed23a43688fd03fee452f5
SHA512 de724c07d4ecdb5716da57df1562932782e45ca5eb9fd6a40a751a4b3f166dc1f104c72dec0ea221c6f495511d90c0a51a83dd4e0bb67fbb23aee090f8c35410

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 29057f8d8ee1c8b465a7bbe4dd172ffb
SHA1 aecd93f22e464f47a4f100725c47229978a77cb3
SHA256 c2d24821bc681be13f3054e6ac61d5665ea2caeea81e4aebe233dcc8a032844c
SHA512 d9b1d6095e52430fb43dd9ef793d0952715e98de490ee1c8c3846f95abd019a13f52035bca95ed09e17992e48660bf31c2dee326e7cb53428fe1d83dbafebf27

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 8f6169add3b0fd6429826f74299d8ce0
SHA1 583d6e6dd6ac862420162a81da849d3938206d2f
SHA256 aee0c5f364de5773bd38295b56dfad3fdb9301c7a9b24d0c779cc5846dc3c560
SHA512 74a94fb8900c426f7896dbd06ebb03dad5c8388c7662047eb2f249d6b842bd7d036b212e7e3f2a43193d099d70da33e85d144292502472141ebddafc94051628

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 a40bbc9585a1bb8e45394a4e7ca788c4
SHA1 7bde847009cd286ffbbceb6c0dfc3be23a9440b8
SHA256 ee42f6c8d49a9abb47419a45bff3b1620e662e329a2ed9664b54a39a86883b52
SHA512 1d1665da6d463fd4c7e408b80f7f2e31416785b9f310e6fe29e6d2c62f611a035075260b33b8bfa61f125e952110c358a828976bb3fb82345604ab118e98c5ee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 6c26cdbf52f4a7829af38ab963293846
SHA1 7e1099493adffda85247f4bd1d1c34953e0833bc
SHA256 33d99f008185d2a61cf6f7d4b191b6506f8571f419f0b0751970a4a6b2b9d979
SHA512 eb816d7de3d315d9477a1517b2bdae7a065f427d03a507d6ab856816a8817eb871d1e5bf3632eeb9ba03b34d04c46e6c36a7a3ed11b5ee2d5b51face4186d8e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\sessionstore-backups\recovery.jsonlz4

MD5 45e895d6d30befb37ca976be9b14fbd4
SHA1 09379191c371c93ab441981d0a6c70f50872c2ea
SHA256 a17356ea7595999268599a4020cab24af9c0ff31feb1f756e2e3b8e034f12a80
SHA512 5c57cf35423c2483cfe3fedaf336442e0b631975474bbd33d8183a06300342fd734ccf25fe5a57d8d12b811ec384b5ab0fbca38140f4e1cf1d7f463b9155ac9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 51ce0130c09f9f0963de6886b9996d6f
SHA1 30e56ae38071a3f7e86798d15ac736934b399d3e
SHA256 3ab546cb94990a2e3adabc28933477c564e0053eaa0b83427e677004c6d87f99
SHA512 c6a03f26f6f4aaf9d699ea52e1f20a7b501c79ad28df65f10410a96b6616db26079289ef479090a5e096ce4855fcfee2de57159fc3785ef26397a1c814f41b57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 202bffbc2c9eaa4a8b77720ab0a3b71f
SHA1 3c29ea4caee3bacf4c096cd95e44c84366e75744
SHA256 84d9cf5075ed9aa08d6b8ba8dd6b98118619f2901c015ca97a2a75cca79934b1
SHA512 91b4f3ba044d32d24725447f2911e5b7716ff921f358c60214ab36fc24f426b035bec226eb4095cb117c37d152cc2d6339f3249c3f37a7bbdaa942a535f691b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586c23.TMP

MD5 0b4ed9eb99d11bb4b4b45fa4e1b68487
SHA1 739c4672717742453eb98e1c5dd05988920b8f45
SHA256 d9a8ea3abb7c92ce8e983cfba720bd9e4b3b180f778d6dcc5f28561e57f6df5e
SHA512 13341e830c2e87a4811530c04fc9dbf92717618f26ec7b1ea6b6e55c684488ade57bda3135ad3d42260d8cd0fd68fd9f4ed2e5698bf144ff19b668a7416dd3af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs-1.js

MD5 b6fb0b52205d169af6988f61a7c25992
SHA1 310a37f5206f700936afe3f04a2204295bffcc89
SHA256 42fa1be26ae56079f1c05cae72ffbd76997a019f392492def9a31c600434ebd9
SHA512 5f9cc0dea7ea2a5278fbdd6407594d5284e028f332267ff72df0c4f246fd9b47d7cc9ae105734c877ec4b9c60c4619350602115fac8cb666ad875362880de352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 40961434166db1ae561a09adabf36194
SHA1 679f7f774a67e6f7b1eba0cea565700c8fb8e554
SHA256 8615ba4f4c4e8cc97a53ebef6dc803bf24089b65e96eedd50ff419bb81f8cbae
SHA512 cb4d8e2a3ebcdeddfad39f52c6753a4109e962327b9eee69156c4bc6f40231e2c86754cdb155ba38fbc7fc4f4547336058710aeffec09c685816e766b260b622

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5HVFO6O4\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs-1.js

MD5 0264025ccac6bb09a0709393e5a1a5a7
SHA1 bb816d4178206be857ece78b27ca956fd1a7c30d
SHA256 97ceb8958f779732f77d8af64975952b5cc1ea428fe652b64ba5b22a7d8b89cc
SHA512 1883c97e463fe6028d17bafbaadbe190ab9f5acfe08e3b527a470a0f51e022e1281d2c5ff741d438a5da5295c83087952cdb5369a3f46ba1377c2e5522938207

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 3920914a29a582e17ace00ca63bd5807
SHA1 e93c10cc3bd937a056edb95c2a44d3e7ce11d320
SHA256 30c997f4f3a1f4999e41d91537ef4e2bd7d2e5e09e737057b557ddea38c2a467
SHA512 828ce8f91891cd9c6b65e8433e06eed76ce607694d81bad0def70abdf6778b67c343c22f3de42bf52b12dd0465e7cf8c4fe189d2b41eac4c6ccc0840ea6b8330

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 c3332aa155b97378af29a9d6a6df1a4b
SHA1 33b41191923b5ca626e414139e8d13ee2441f4f1
SHA256 80049889409f6d14477b9391ad35ed34c16b6bbb1cccab0f0360ce6f0cb02c7e
SHA512 14af841a537601ad305690e5dce825d05b1a325eea89a6afc32ac31a0d6fe9451ab81af55f321d86bf6fec6997a34a2eab77e0a9543afac040c5df0150911a66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 29c7711f5c4e4c54507ecb96ed2e38bc
SHA1 6e87ba81dc8a01d27fd731d9057775225d0eac93
SHA256 5509216a088282549feef10738f8090c9b7b7d515e5af0477c60b3fb08e2e911
SHA512 ff556dc54adce827dfdb23d1c88c5ffd67d913ebcc20489c6b634bc1336795e5a0330abfbce74b6737ad5c45576a3ed8c1a3dd127663ee54dc8722ed90b867c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\sessionstore-backups\recovery.jsonlz4

MD5 141ee1a00b765e42983f3110f196a2e9
SHA1 1ce09f3bf7990ca5c585b14e695fca0190eed5be
SHA256 dc970142a4b48d95089d38658579247bf84a54890319ee83d8b0bb2bc2f535c0
SHA512 b3205699dc422afd5989a42a44f1696e0325f73302e8956cb369363a4c149f01c83e84d990b455438b5dbc59a5820756099161ca8b612e894b829f19ce9c8c2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5023d3f436780a95b54cd3d98274d7f1
SHA1 122e2e92c7fbadbfbb875c1e2902b2de65eeae40
SHA256 469f9c774f8da453445a584db8541cebea07434a9357299b1f873436e5c203fe
SHA512 e49308252485cd29fec3f5b2650707d1484eac8885677ecba49a8b3974f41f6d2743e29cfcea4bbeef1ce42919a78b1afa2a0f0d65ae285a79b8d00d778fb992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 05a0bd3d07356be4da5eefe939b6b7f6
SHA1 7ff15e2af46bd5dfda2bbd869ab2bea565783e23
SHA256 38ce8483fc9f511155d8db3455d733592891af2f2a7b9277abe44f8f7d3704d4
SHA512 c4893010134e320d0df442732ec2ad763db62e33c34c12576ecad75c1606ed066eefbba02e1cf4b64778df9eb935756ae70d8c6db0a03519b42cdaf9b31d56eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6e794cc7fc0b4ac656ab2514d35d8ae1
SHA1 93193fd1beabff34ec39ea1ee891423754ea8bff
SHA256 a3639a00534843793548215cc887647201028247574943686b97d0b17e9e4c1b
SHA512 980e4b12432e49a6da501bea3ab67bd164aefd8a472733ada4b5aa7e14eeb9fd71e39120bc4b6509378bbfeb28659ae252d1174505267825450bf8bf63f9b69e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e835a4d4fab1f193d709168420d02fee
SHA1 28b16911adaaa92848a14cd674a72d43d2e39613
SHA256 118b1b637194f45814330f9cc062af85312cf614092791bfc7d87a3ea2b8305c
SHA512 29a11419b8ff87734d0485adf3cd77b681b31d3dd07a23043c7bae6fb9be181d82b57fffb73caa858c14818c989dce416fa38a2c6c6d67db23f2b12464d6e54d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 96bd3f4b2a09cd459daba82759e462ac
SHA1 ee255c354157090ae24f3273ab109a1ecbd68bda
SHA256 0d1018aecdd07f8426dfad867c74fcb6275b3b2980b3b5898c6b8946fef6bf52
SHA512 bc99c83f24a6278eb45407377dec9bc6a08981def57056a682486f094c25579de259f7a1843833448cc5e39efdb2be0d1c36d83bfba935de70b2311c34de051f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8b2be598d8f30827dd7a68f8604d585e
SHA1 f32d0c818bd91576f95072f25417ec4e81c9f245
SHA256 252451f149686d28d572c35dfb9468f4713f0fe41b61bb6f4edbdbd3fedfdbef
SHA512 5b4cada0a9babd66000a2bbca27408af26e0bbf4aa79de0ff221c49c912370bb0fc9ce41ba92f13ca8628458e65d059a355d9b94172206ba7be81b38655bfe60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d05637ccf728e2f28e10478faa307565
SHA1 5da2c2c10d5bc60c7bc8cf1be00d0b5aefdd0222
SHA256 1c8190fd6d196290321186a4c1763fc22fac3f6732dbc134ad5f0f5e40bd1015
SHA512 4aa0e7a31c41be817ff9f62a0b2184e2c5e6fd4fd23003e4cdf10772b809ba539a3799a6ba6ecbe0c7597c4cba1bfcad56c095199748049516449675d39e26a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 bc0895a213f3722e776521e80893b929
SHA1 546b0f987ed9405a6242bdee5bd118f6a680d225
SHA256 464d132a0f1af21ed23294a0050f0dc058a8e0b3de386d09fac821b52f9e098b
SHA512 cbb8feb6e17746152c36447d7dba0b9dc0d1f1b80f9f5dee9b3803b445c39b4d4e0944271f96e7f5043a2f72a8844a71426235715b6939b2732a289f18cd5990

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 289fd56b8345974dcd495d5206f13143
SHA1 6b59b3e769cb03a2ba5d2d41f458e283b3c93d56
SHA256 f2e46533ccfacc9162c6e068675280c9703b0bf09ee3681a0b7862243f51c1e4
SHA512 0927e15ec5cd5a45c9ca796202b557da533105161611b7189bfb64210e92c13ab2ef202a4bb39e6210cdd461ca056fc8cb71aca2de37b39266910a833f130998

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d74242ff86a8d8360186440868bab6b5
SHA1 6e28eb07c92a40f6cb55a6de5258211e88cbc912
SHA256 3e9b55ab8d44205cbf1fb5a68006bc56e8a9b5c769993588ed418b52f39448f3
SHA512 61bad247eedbbe248aeaad318d1efa01d47b73dd5d6e29641e1012dce7af5fb956bbd041274840ce68d17146f561ca85ca6626198f5f57ca81a86d966f3f4d54