Malware Analysis Report

2024-11-16 15:46

Sample ID 240221-fh5daabg6y
Target 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2
SHA256 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2
Tags
google phishing
score
10/10

Analysis Overview

score
10/10

SHA256

5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2

Threat Level: Known bad

The file 5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Modifies data under HKEY_USERS

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-21 04:53

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-21 04:53

Reported

2024-02-21 04:58

Platform

win7-20231215-en

Max time kernel

67s

Max time network

287s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9090b4f98164da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{23E0EB71-D075-11EE-88E7-76B33C18F4CF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{23E5AE31-D075-11EE-88E7-76B33C18F4CF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1680 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1680 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1680 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1680 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 2560 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 2584 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2660 wrote to memory of 2632 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2312 wrote to memory of 2644 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1680 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1680 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1680 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1500 wrote to memory of 1236 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2168 wrote to memory of 712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1680 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1680 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1984 wrote to memory of 2296 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5c89758,0x7fef5c89768,0x7fef5c89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5c89758,0x7fef5c89768,0x7fef5c89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5c89758,0x7fef5c89768,0x7fef5c89778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.0.1335461612\1423381134" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62a7e689-c390-4529-b94c-181e47fb2ac9} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1348 110d7258 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1260,i,4084277336914975286,479415468231660536,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2096 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2088 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.1.1648531\984724457" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bee4e78c-1d2d-4bf7-8e5a-456019ad9a7f} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1512 e72858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1260,i,4084277336914975286,479415468231660536,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2584 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1316,i,7461455057911414350,3422276838638082124,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2792 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1316,i,7461455057911414350,3422276838638082124,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.2.956258784\2033585090" -childID 1 -isForBrowser -prefsHandle 1852 -prefMapHandle 1848 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b665f79-a808-43b1-bee1-f0279c031032} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1824 1a191e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1356 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1424 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.3.1665892733\1931084775" -childID 2 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc51a575-7c6a-47f7-b946-2e2d844f3474} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2852 17dd2158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3724 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.6.1018978376\523409412" -childID 5 -isForBrowser -prefsHandle 3980 -prefMapHandle 3984 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {453f24af-89bb-430a-bdbd-5b64adb14eb7} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3968 1f6f5558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.5.1414675777\1699952842" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3820 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e948fce-431f-426f-b826-3d3a0494e3d9} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3804 1f471b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.4.1823214900\366257126" -childID 3 -isForBrowser -prefsHandle 1124 -prefMapHandle 3692 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b837f811-b716-4f11-8f86-66be1d7113a2} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3708 1f473358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.8.1511084233\680961112" -childID 7 -isForBrowser -prefsHandle 4296 -prefMapHandle 4300 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce870e7a-7341-4802-803c-57ffb464e664} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4288 204d3258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.7.906597753\1207584482" -childID 6 -isForBrowser -prefsHandle 3900 -prefMapHandle 4004 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {640d4e55-24fb-4f0e-a446-2cfa2c8c5c5e} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3816 204d0b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.9.2090492121\1810884701" -parentBuildID 20221007134813 -prefsHandle 4712 -prefMapHandle 4708 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {917ea6d9-f7e4-45ed-af03-71547807f48c} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4704 17d6c358 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.10.581521274\170616060" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4816 -prefMapHandle 4812 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f6f4009-004d-4907-bf0c-ebb950c1e3d7} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4828 1a123258 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.11.317342900\1355129429" -childID 8 -isForBrowser -prefsHandle 3048 -prefMapHandle 1776 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08dc9ff4-8208-4e72-b479-3f98ba56e291} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2968 1f767858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4428 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1344,i,16134917306306252734,16835504958453476992,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

memory/1680-0-0x0000000002580000-0x0000000002581000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{23E34CD1-D075-11EE-88E7-76B33C18F4CF}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{23E0EB71-D075-11EE-88E7-76B33C18F4CF}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{23E5D541-D075-11EE-88E7-76B33C18F4CF}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{23E34CD1-D075-11EE-88E7-76B33C18F4CF}.dat

C:\Users\Admin\AppData\Local\Temp\Cab1CF3.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\Local\Temp\Tar1D05.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\favicon[2].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\favicon[3].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NJ576W4F\accounts.google[1].xml

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YR76LW7D.txt

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\4Kv5U5b1o3f[1].png

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\favicon[1].ico

memory/1680-833-0x0000000002580000-0x0000000002581000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_1144_VSQBRNTYMEEFKBMS

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf767fab.TMP

MD5 5780192d39e5ad77dea0925f67e76fc9
SHA1 237c3f42fc9178a38e2f490443dec0cd44d13ac0
SHA256 999a1b23d93c542d315d56d5fb51d12f8030e7662722c476033e1b6ff1f31f24
SHA512 ae3ce0b8109dcaeca06663c24529136f53e99fab7128ac9bd129ea846562c63f8f9027d548a4757a3be8e9c06eba2c346705c0bae6c950526904818fcea84ea5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0a45a18c-83e5-4822-aceb-7cb56766e3bf.tmp

MD5 9b526c66157991080cededd53d15e4a0
SHA1 bd586c994fbea6a731765de323c2bc69f40f6b5f
SHA256 0fb6d74741e3691cc44f8d4563d9d7656c50ca9825953cf4275aab018da4ce3a
SHA512 2be0146dac6511ed4d6565e888296af079a554cccf9e14d58881697b4e0f0b4740409e786b0ba5d8dec73ab62c0876d50978d087d21243da14ecd2e713526cfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 81082fd6e713b29bfba023ebff59329c
SHA1 8a2743a60f4bd5cbf829d0bb1c76c6cdee2d6d6f
SHA256 5b1c48f5d932a99a439e759ba2fdee0d11dcf3dc679f5b084ebfd0370e541e9a
SHA512 050135836f25eac6073c537b00b3194027b966f58700070d89e9203f0e4009e0ff6e161c30d3f2e1aebb7e0335189525f67795404500283324c847f6b1c8482f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 aaeab1efaffbfb983ad2a81d7f65a34b
SHA1 e9af2cf4357d03bc9088df5e82b1ab6fe5b0202b
SHA256 9587bbda18f56f5b59a8490eec61ddd8d36205d629fa771b9804b6cbc991b2b7
SHA512 e7c99fb5d58f3b04eba62f55a9552e9135c6312ef3e553892a8ca7408226d8a3f938eeb72766b05bf519a14b30f2dec1bfb96f0e7435dc981751c7263bf3b498

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 7d5bb12673d59f224332c526da6e1fb5
SHA1 7dc3e0a2b5bf23db1a644b2b4112b047e2ded6db
SHA256 16d7c066069313df1954aa4d28907b22c8ec7856a1cfd8260b5546369fa6ac22
SHA512 fc855af18879c7508bc3bc3a385b5b1eb5f608699be8ee034ea4b696dd9b6df41ff0eb7f3feb6ab4a9b33364178097118307c0a29ba54210790413b55bd85215

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 f290e860a722df5b7df79898d94207c8
SHA1 a2a9493a3a39de5d8c3aa715b2050c4d20bbd322
SHA256 2952d3bc6b6928a6297110fd527f4432e27285336699dc89e025bdb2d7dd359d
SHA512 2a91add4768234a8ec68d72e304ce1f80b2b0c3d28058daede366d361bca6ac0917a63878292079c997eb14f723385c17d3282548c0ae3a26c399ef6c6d91f6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_CF00176A6EBE9EE7FD3F5A98527C09C8

MD5 53f98fe8d189f5eadf97a5f616a7c8e6
SHA1 14b921500c6c45bbb737f42f0cdc80463562edd1
SHA256 7499b41034119a7b7ec595bec8f3792704a7722997b1a3558a6b960f9e4acd78
SHA512 fd7492fee5b909c4c910095d05e4d2eeffcfc6eb374a654e80904cc0db38ac8c589a18b3f7879a0064b78764200d6e591426e7035d9a99fd6e19f630eda4d36b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 7916b4831b9b30f323d28e584a2f5072
SHA1 06111cde279c96c61400580910b9c98776fa40bc
SHA256 e260d1dcb0f1fbd849e957c9365318449b2586f2cb87852bdde808eadb05054a
SHA512 677b6d3e6be5adccfca163bbce8f07e236df864d4d54ce2b236b68d1fd188de0777491053d327856ce3c01c1d6ff85c5a629ebf4a59f84f966e81db4bdef7247

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 9eb4cba46924fc428a20d8eda06f1a04
SHA1 272225b6bf3432ee44794bdb4cad05d69b81d3d8
SHA256 37d9d3c5cafeeba5e862baceb5c0bd49042be30b8e195f927c9c0480139331e7
SHA512 41a177b39d51a80ddee879f5d5f5cd2013970525e707d4073741e91d9defa6b35127743d55f4e8c9979d72d268c8b8fe18eddc60635c440c7a35208ba8018e5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_CF00176A6EBE9EE7FD3F5A98527C09C8

MD5 8d5e254e4d4ab3e6c9b083bbbde77ab4
SHA1 4631e6229d60349d29ab0da566f36ddc19e7d036
SHA256 8b3bdae97dd1235070d4a910cc6ec63cc006323aa90c299e65573ecd7c284c4f
SHA512 1a696a331ea40453c18594a96c9060559bcd3825c3ca4df7d881b6de09dc242f289505dd7b80ea9b1689e765482a40b2a93d16b44a3f886dc7fedc852b9ef1fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 8461a556a49d6a63697e384437b33156
SHA1 567d957c86335dbb71581ec4a3aba8eaa6242d00
SHA256 fef1ea60ebb722e86fe5e39665f91ffde1baa23e2ef602695dceb0edcf09f980
SHA512 fa9a86cd96052688cc8ac5d9d37333e9ac8320b3690b91daaa1d57ca103a9e7101a7ef11c41a4d4424e6ff944e8153f784ce278f0fc33fc1e78e515eb3bf338a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\24863546-790e-4ef7-be3e-42676cead941

MD5 ef034d991d1ded8b67f89b1751971892
SHA1 ef9e52b734cce5986445318469873ed73fb6a729
SHA256 a8ca873516b584b7882ef5a028ff4671d6a4f3b9412ae6492491ea3e496daeba
SHA512 b7474358f330dd260164d07208dde878acb65c0e8429e85680520a4962f512f7c8a800450262172644ca74217a457192d8fb20950d283341ef6be7115bbe04b1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\0be85eba-6701-4336-ba0e-01b8a3d63661

MD5 f5c98e9baed710e8f66493021cb6088c
SHA1 918d66ed3a9fb21633f3487f960acc6ca9e9d5fa
SHA256 a3d5ad1287ce0d831c827d7f78e803d32c66290281c6a0b7da1a950c24f9f49a
SHA512 90ce645f9d191f406c24864111c01bb793820618402ddc0d21ae8592d07c0d9cf892c4d0b0469a5bc571636bbc3fe25a4abae6b4f91029dbbafa6a1262070e17

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 f17290d263cd7fdb4236be745a554803
SHA1 9c926b58ded4f2d3bfc4b4a92103194566ad2d32
SHA256 7231c32d2dd2f408f40f46ba8100b76258208c5db1bac388ab9559411aa5f36e
SHA512 132e23e17123662a00d9c41590c438ff584b6ebcc2ad7fa251728f8b0124670f26ecf4860d6479765c43ec108f739dfc7e37bda8102df7255a88f2d7a7a8b6a6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 11c2aa7bbff3838408b70bf075e14c3c
SHA1 b1c83d57a07aeac73e652730a06d582e1c720ca5
SHA256 dfe5b193ba0770d3f40f1620c5bc6b941b9b9d9466a4e4e33e0cca342a10097c
SHA512 953a5df43c6349417d65ba0ebfacff9caebaa119644343475d025e0f14cb22a8ec2fe429520b16c95e03e7d406ee216ec274e034c84780fc609dd54357b835ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8f93c0aa5062a00848e7f44c1761c487
SHA1 6b6dc3ce97e0a264e279690d0da8267a33f5ab81
SHA256 b9ae4c3db17c5fe68ea2a899c6c00ec5a667223c750f2e83edd205705cc90682
SHA512 e11a83aa54e9e788566ce77d1986251609a3f848098747cbc656c5cda18efab0ef10c14a25f168e1b4811ffd64a2ddb514494fec296699915b4f3e49de39e284

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 1d982430f8e240e3ad3d8a4d92fa58f6
SHA1 c4a22049fc749735e7757f7e41260991f2a2bfd6
SHA256 e2f362d0817aeaaace4ac0485f381be7ea10e25a6dd357a98e535719d7077bf8
SHA512 dfaa7d4b3ce2b1829ccf6f686cfb52bfafdefa384ec697efa859c8a6c102baace0b15d1715768a992fdffb0375d08aa559e173bc02da6d0ad10fa52c356a29a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76b599.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\223\{668d642e-a062-4fbc-b45b-8a0936a996df}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\1701430588yCt7-%iCt7-%ree7s9p4o.sqlite

MD5 eb207e772d0f8d011a74c75a2529364d
SHA1 ba5a2d422fddaed96725326c8425cee634c7d33f
SHA256 732e83b869cdf2167c497fee00c80757d51d842486a2ae05e60be36af08267d9
SHA512 063c7129e39ee27bc93295b258fe6b8efc2325653036193219c5f47f286aeb22bb9b0367d587f0f1ff39031976a847a3375468ab88ca6965c2776606a792b235

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1500_1695459253\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 e444797b6a59d6a7cdde8315dae1a68d
SHA1 44ffc6cc1875cb10d94450925c33c463e0526559
SHA256 8c3a3add74dd6c4295f9cc7c4328ab1aba00a99277c9809bbf1d401d0a86c1fb
SHA512 ea81b5b2591f09e64485ca16173306dd0a19f34d48992de7aa7ffae7b922a7eb6f093c6a26db5169dbfe88f96614daa821d170aac91c0abaa1f4ad45b6a526e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 4a00b1a04e6bbecc3bdc92ec4871b0a4
SHA1 03e6b805a6f5f0e66db2c378a84e41788024578c
SHA256 95f5bdf94be576118d9db076043f271838c543615f259a8896046bbea3713488
SHA512 7f27d4cbb2b3007725b0c6a6502691f7945f32929c31f0df695efe2c299bef71c8aa3be25da7b8e5c5e4ab195da8fe3f9da4054500506aaa814e2dded474b595

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 420f52e05915b128b6cc2ab07fca5f53
SHA1 01ab2eeb938e4bf13a3aa9070064235b2470f8bc
SHA256 88af43819ff9929381615ad54ec68f594a98333ea3b97c9524a9b8cdcae3da27
SHA512 f8c0e36d0231cb99038a1bef3187f363c2ec218a74ae2a3900c17337cab1a74536d17522c51f96aa16677545e1c999f66d75856784f1b92c642f17b34b15c2e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a8d8ad20ad1d4634ba0734c14eabac7e
SHA1 463e7071d7793ba466db507428ab9ea8ee44564c
SHA256 873d9b61eec3c9b99394501b7c359bcc791db67182374f331eb2c4c309e27cba
SHA512 5e684833e25971c6f471b99f9525a932678f08253c7ec13dcc0ab2fb0e01dbb7ecfa4d5c99c0303e52673b5f8b5caf77de76e67af5db2245d7a026d10fe928f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 06d9cb9c1b952400a40c1ce3a086c215
SHA1 66d6aec3f7096d9db2ad214436328606f19361c7
SHA256 071c131a695bff352edd13aa88f89d617608c3410fc595f86e4bf04e3a941aa4
SHA512 0c9d736a0c9b42766dbccf0880acbaff6b1fde78500daa1ee6f605e302557cf5cf5aed20035f2b1660133216585e8578833031c13d81097a82c00a03ffd733a8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 43adfc2436f24ede7eefb1b2cc747ddd
SHA1 4542e4efb6497d455b032669e71ac7efd976b712
SHA256 588b2df8b391882bdf332307a689201a61ebfad807de16ea5b34121718f539e8
SHA512 7fc3dce6a79f4ee5df0eae7733cc906d27f5434ba933e22c54143cbae5c1da83ae4cebc17f6025ffb39c6968836b55308170e57e94467ba023584ac56b4332fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

MD5 43a73e5018be37632f2cf7e7e8c9727e
SHA1 7b8faa2a0c0a49cd491da68dbb434b3338805415
SHA256 5a3e18fe5c043ffaa0d48f9cb8f3e482efd65d350344bc446e72f855fdd23fb2
SHA512 dec68a88444cb3abf476016816dbb40617b7b21fef0bdf1994102051f31160ccad2a3fe8834b232d71f70cf5084e417065c04f036e17a1e33ab793b24550542f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\255\{057a96c8-2ed8-4185-ab57-d08decd10fff}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\47\{cec7544e-a53f-47c1-bd04-73b7bdce6f2f}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\148\{a1838622-34c5-4ee4-b71a-b90103623c94}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\140\{afb9c726-2401-4a5b-85fa-e1767979468c}.final

MD5 5dac736054f1bfd6efddc9f8941f6513
SHA1 8d333e22dc6fa20e26c4732d5ff91c954433185c
SHA256 e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175
SHA512 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{c2f75dd3-eecc-4614-a99f-7d952726c187}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\167\{11cfd364-28db-4891-acca-a0c9b77f34a7}.final

MD5 cedfd917c042bfd5faea22058d451ad1
SHA1 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f
SHA256 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2
SHA512 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 a03c682b1ecbbf54965f0606d0d2d5c4
SHA1 29748c36564a200cdb5ab108cde27b16e34770c5
SHA256 13bd56fc4e5e3d6f392ab6f2b4903f6f197deaa50b2feafecf1404624cc106b6
SHA512 715514e787671cf918db1ddc63864d435e5ffb637a02ee31daef988279dd8390c566e43311580ffa3c45eae310c9ca0cc36b3322c2172aa83162f01f8b7d253a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6faa17fe7586eb5b078308cf37e9577a
SHA1 9280dab6318c6c90a5f882ca381bc18ace34b4bf
SHA256 bd6751af5ccde47bcdda01811a1c0ab8e4034dfa029a10a54f912cba7ca19021
SHA512 474d8f5f5fcf58a634eea95dc99dfc85b143da9bbc167e79a0e42c864c001c4f8a58471c2d19cf855cd7389da31edadcb77222f8a6d838d581cbd99f26d7499e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9e34cb40cfd8fcf7d30f6cc9153f11e3
SHA1 d6af280cd45cae56a159fe3fa42ff1ac9e6791b2
SHA256 fe0e61e8136bcb9c3584011ac0418579ef74bbdf2f6390a71910c6f234e0cd5c
SHA512 a30c8642f1f11b24ba659c10cb65c15ac5e114281ee6d57791192c874b61a5a5e854a45a5068ed10811e870107fe840e9cb30586af676810ab5a856825b92b4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5698b1faabeea3aa2c4a179af071cefe
SHA1 a967d89b72c5953fd0035a0041a71c947aacc452
SHA256 88b609adfa05626b9cb7da5e2276ee01e2c2e1726ecb69907536f535b3437bd0
SHA512 320112c8ac9f5fe2bb4f88313e5c94c55edc1c3b47179223ecb98c06626f247068fe3f4ec7f82f34b0bf28f3818bbb8794c40ff98fd377944c4443a9f4aa70aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a5b77791b2fd42846442844125a0a4a
SHA1 c9ecdbdfba1ac00de6ce92875e17107b9d66d2c5
SHA256 7a4edadad948a693a8efdc043a0dc15e303f61b41fcfcab91adc91eec67628e4
SHA512 927ae13c600f132a633f9d6228ce64dd0c87b3e217a20d32d4c60a052e25760d698dbd4353eac8a3eb4921da783ebe17cbc1d0578ff3b91bbfb19cdf931b1e5f

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 433ebd6368b6f1cbe779391dc9d26d29
SHA1 8acf2e154830b30c2ccd9c62f4387c5705e9b244
SHA256 895a0ccb54577ba722f4c8d6b38d34c6b62e2e7c1638aea5a00023f34c3a1271
SHA512 955c9b45dd0c21566c27c4a4cd095130900a16d8a4bf0f98be71ec00e0ae0e0e37caba1e12c979f2419575823d4073bbf3f636eb637ddc5d7c5d5f811ea45251

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f965932514276d0b4cadf943454eb325
SHA1 c7cf126866b7340f48fe6ae917de7a7f025d6f1f
SHA256 5ae8ab2447168122b84cf9c342274f28b82b84d1dd01e05a8370db67d55bbeb7
SHA512 6d76218f07c686129b429ad89374f41f29ee1c45db85476828e3ff644beb9e2bb0b3a7b743c628c94a9d159d13a4c4a1679a1af23e537754701c6b338973d2c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc1c7662a2c9b24c007f39353b45e472
SHA1 0dcac201eab7b1f15b9e068127b40cd1f057041b
SHA256 6052c2e752e6da73c3ad6cd686f58fc161c3a23d5ea987d228f80a00c06e4124
SHA512 57d512a3532e7080c879cfdb250c93b036b840322010a348ab033af05693249704bdb6e69a35d171e00442a2fdc51a4cd872fe227c5573904762cce706b03ebb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1f7f4c8d8c2ec0fd0ec77da4c092390
SHA1 b022d93bb580f55186b05b66aa5c2ea274ce3c7e
SHA256 2dd6d47bcf5f061ff0726d90791846875d4efb78e576b576d13bc8696bad9afb
SHA512 cb965cec6e97c0831a10f60f69850f1a48438b4bf725e9f5986112bab96ae339f4d750e83d7e87277ca1b15183456e80142fab0126f0a3b6291b687c39afb7b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 378a92293f4ec337afd3a903880ded18
SHA1 4669b09e5a50e321d09060ca27d2d4ffc232f9a4
SHA256 0b04bf8e070b85d40da06596c4507d82decd8cc455c26a5bfd373f6a73e4fdee
SHA512 dc27ee2424f295e00071c6ead72ee510808199e7f1d825b30f5575a6f0b76d8095a76f2aa4cfdc7570f998787f7c7fdf416db338277f2a0b677db65b74bd82d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 f52880cedd0b8983e9b6c82cc9bd6554
SHA1 5ef316248c16600379b9bc05142f7bb5b947911d
SHA256 c49931e0dd6c6dc2216d6af61b147067c8a02d61ecd58feb2dd8bfe14926c9f7
SHA512 6a510488207440c01bddf51ff7ccac61c0457819613a169ea8c6ebe9a2b8bedd00e70c3d0ce46bd0c4617e95d8fd64325790c24eb63f522d5a0be7373fefee93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 3b1a563e60283ad7b64cafad7b43cf5a
SHA1 2fb4bda0fd9d359a5b7e83a8d0e74024b80bf9bd
SHA256 6e4216b648fc5229d0de5b03dd3beac5aa498f5174e86dd933240b204e5233ef
SHA512 68e25747e61373b2680aafa7e7ddbe95527911e56666607fe5190562d4f1352fc12fe4b5d1ebf397dac77ceab1841b5cec50c04dab8e0b5e2234113eb389a5bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7b997fca93d28da12d6566ee1e357ad
SHA1 e8d50cf3b474aaaa72ff0972351949c8c7a6be84
SHA256 51be4c6ecd2fd2e79716cf5f7ee167dd8f9d78c74440623222534643a7e448e7
SHA512 a24a67cf3281844afc7e49940cbdfb83e872876a21f59fbb5b74803ea7ea02e9ed9e887ee5e068ba7012e4ee2f461dfc13b0b80ee82c4813aada340a09713ded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\34bb9508-1a92-4806-99de-253caa4d2bf4.tmp

MD5 39d77591bbdae294a57e002ad5b09d8a
SHA1 ca9ddadb011ce104725705960bcd20d26c8a1740
SHA256 c779d94f09624f9210fd7ee19a3dbba889b85233ee71ded933d1fa669b335bdd
SHA512 80eb18972ff1fb83551fa7f9a0d5f3efd4b16c7e07a18f5b2090724786aaac9114a55847313ee8247d4c3983510b162628bbe163e91a1fcf3b829d283153a9d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f18fd4dc1373562c03e37e0687355b0
SHA1 27ae6ec97645a9cb0d867922cf781e443afed950
SHA256 9f762d1607bba881a7f26c8383e64712d150f67e2a0e6aec81b872463acf33fd
SHA512 4aedb1752a424db68fef126d7830016dc362a7a139f6c559c6876deed766d90cdc84a19a56a005613b71a22c67cd09b55a04337d83198e3906ef44f3c1608d95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49adc05a60a057a4c8c43a60bb6195f4
SHA1 3f998f5af7083a377fd1010b86dd895fb5b95b6c
SHA256 18bad5ea2d77a251cf8204345a7671ff8a084fa2baff4ab6f077b13d4f3da214
SHA512 53bb738cadaf6bd2072f3af3873a2b1beaf88f488474fa6942689f474afc45123582e6f8ec44ca4d22ec590ad996b73dd8fc72b9603bbb03b5552f54d3041b48

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5aa53d40f583960a717e32e339bbf990
SHA1 dc4137fd7ea9e1f22495207f75d5638e095f68af
SHA256 42c238cdec2401cf77028c1241a479b392c1e5edad05496fa9f1f34f90f1e20c
SHA512 6e9fdbce99c3cf78a3b821265d26e89bf57ab444ffba24aa228123dc2e412536c7d0bbf3f27eb1a14ba678affbd08bafb5874e5e0345edf83567823a09266237

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9d28b4ff0c4eb95b052cefcd0ff82d62
SHA1 b20fb6ee48c146dc66ab6571593971d030e973e4
SHA256 b442410c8cbf05188ac2fea14a464e3a52a122d707f364f9702f67a1dd1151b8
SHA512 76f0a70556b46915d1f3ab8e9da8e94694334b0b9e17bfaf3043e818596473909e0e6206af55fd9843ec84222ca7469ce6c7f55cd02895bdebdf32a35706d65a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3fc318e8632a73cd9879386f82dfd456
SHA1 4f696ef8b94f56259e335b58b6f4024f2fe58544
SHA256 e899cb8b1e61eeb620e3ff79ac1e8786e02e08a549ccb3069e9c02ebd9091266
SHA512 cf47b1344829812b6cab23a3a026b7107f05b033555b19c9a4b3e1334ca26435c2301a70a802578c1a41f4d4595728591871061b8d7caf18870b210a2446477b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ac8dacfb3fe80787b6abd245188fb533
SHA1 4f3a766a18b62a96cecf6ce3b3d72ec8103c4b55
SHA256 381c47712f11637ab694df7ba7b949a37dcf1f6dc40559b6bad1ca06d44841b1
SHA512 fb4bb440b13442f15dcddfc6c2dad0225d9d1e49188cfdc4ed92e6f2454e15d2760297fd342a319f145624f56d6d5189d822532d46e8827667d2815a004eae15

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 96b1880f9351301366bda340e3a1b99b
SHA1 cce92325724b68c3fbb0ad7fed7a3e000677699a
SHA256 76df14b99e211a4abc46247aba1e89dc385b242c8124ddd08ec7b756e828ce03
SHA512 01fa29a889beee8addceadfb51ff7aa78332dbff13856ed1d8acf2a85ba175810a7e8d7b97dc055ca9d233f3fd8b48f335a59b78672f0bac34ac58a48bcc089a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0f6516c8d96702e12e5a5c91614b3988
SHA1 5ee8bbfe09a9c0f3d93df114d34b75432ce7fb4b
SHA256 ea90ab34689f99b89348205476f31dd75ee887676a0df0dda2c270f117a6ab8c
SHA512 722a51b1bcf282f6c31b72b436643a681caa2c5ee3f3bfc2b61fa09c5c2237be17251c7d9578e17a03f8771084b386f6af5d9f6f957d463f30aff549e77b64d8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 a2be646ca515f71caaaf0d90506d0813
SHA1 48d75d9fddde93bb00bfbb16ef2781ee047d6c4a
SHA256 81e5cf3204630834f5030e44bf8befd06038b566e6fb3d2eba4502f935a2a055
SHA512 6cef862b64515fd6b34921add05b24048d5d6ad51769e909a259df20c8dbe8712cdb574b558eb2d09d3248fc98729fcf6c0b520087ffd78d58464b7f0c802ed7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7b766fa5537c682982ec8a3b562b3a11
SHA1 d7810388793da57628c65a35d6564258ab24bf4f
SHA256 85efd0e8e1ca067fae3cc4f9b68980d010ef2f7af2540bf9d025507317d656ff
SHA512 f348e0f36ec6ef49c8fb8f009267390f1d46d358da66c0dc09f2be1880e7f3cce261b9ada51b696ebc4c87b135287980c7e8c3cb20437cf8636ab7feea680422

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-21 04:53

Reported

2024-02-21 04:58

Platform

win10-20240214-en

Max time kernel

300s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529650168564388" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = adca3eec8164da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e28b22fb8164da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a23f54ec8164da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "415275440" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "415259675" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "415260661" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. S C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 86176cec8164da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f9778dec8164da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9e9eb3ec8164da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-79906965-4104874056-73860534-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4832 wrote to memory of 3320 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4832 wrote to memory of 2332 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2224 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2224 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1248 wrote to memory of 5128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2224 wrote to memory of 5136 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4304 wrote to memory of 5148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5136 wrote to memory of 5180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2224 wrote to memory of 5208 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5208 wrote to memory of 5272 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5288 wrote to memory of 5328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe

"C:\Users\Admin\AppData\Local\Temp\5c4bb54283db7a67b7516c10bb2f8b43e4d34699e94bf60c6b3691d2bdc18ea2.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffdb3059758,0x7ffdb3059768,0x7ffdb3059778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffdb3059758,0x7ffdb3059768,0x7ffdb3059778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb3059758,0x7ffdb3059768,0x7ffdb3059778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.0.580254967\1627686995" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {050c3ae7-b9e8-4d08-ac4e-2907de61d653} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 1776 186cc409358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.1.1196691838\1359403189" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63250a19-fe3f-47ef-8e80-afa7992333a6} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 2164 186cb0f9258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.2.1494131753\939582081" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2664 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf8cfdba-3729-4058-9a1d-510906cb368a} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 3192 186cf0ec558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.3.1133827893\320123079" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acc33c06-c38b-4bb5-8de7-527300418025} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 3524 186d063ed58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3752 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3748 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1828,i,15169912966253793684,7516506427139332780,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1828,i,15169912966253793684,7516506427139332780,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.6.435024119\539009432" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e776be22-3d53-4546-bed2-f95b58a44506} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 5100 186d1c32b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.5.1084403677\1658135098" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2deb90a7-3bee-42f4-a6ac-6c1e7b359774} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 4924 186d19a6558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.4.1208727310\1484758721" -childID 3 -isForBrowser -prefsHandle 4752 -prefMapHandle 4772 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cb55cd2-c1dd-4dd1-a2a2-63fc2c7d1ee1} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 4720 186cd8b0858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1860,i,14035206349468825462,15398490207499835791,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1860,i,14035206349468825462,15398490207499835791,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4812 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4952 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3548 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.8.2035118909\56582957" -childID 7 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45f8ef05-8bec-4359-baf4-f897b6f63a0e} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 5508 186d1ab1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.7.447273557\969551729" -childID 6 -isForBrowser -prefsHandle 5456 -prefMapHandle 5168 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af8c6a69-ff92-4f89-b1d0-13301c3b25b0} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 5404 186d1ab1b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3528 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.9.95132323\937962703" -parentBuildID 20221007134813 -prefsHandle 3036 -prefMapHandle 2780 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9132a5cd-13ba-4702-9ea2-bb06ced01610} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 3540 186ce025358 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.10.807175154\707153316" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6032 -prefMapHandle 3648 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f062951-3bc6-4a5d-9afe-d3379060615b} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 6020 186d14ee358 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5272.11.1694418739\538925197" -childID 8 -isForBrowser -prefsHandle 6220 -prefMapHandle 6216 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87703e5f-f342-46e3-bad0-a9276c7bd80e} 5272 "\\.\pipe\gecko-crash-server-pipe.5272" 6228 186d1985058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3384 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1856,i,2073962251705592513,11890008767994120122,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WV7HI43W.cookie

MD5 3aad9affcd80a51cd6520cd4deb05a0b
SHA1 12b5588827956cd578cf61059527dce167e504bb
SHA256 8392c5c829bddbd9a330dc117355118653e41ee88992c6f9761e0f808f4c31c2
SHA512 062c2fb41010270c3eef9f34a0f5143506da4259aea54e704c0c739064a0c128cb7ef78a1a19bb71a06fcd43288c584bd098a3a047e00534df58aaad26fb8668

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 dbd14c8822d42ac0af82a891d794a159
SHA1 008bfb1ea1dddda2b7e89386afc41003d470ebc1
SHA256 e21cf70f09a6d42a1d17a4283ee61767ac4bdcf5695c7fc3a1481875d27d05e4
SHA512 a50523b0c409d12e304c9b345c96d16f4ce8196c2f7ce8fc3d2488a24c76ce56dff3607567c370b4c46ade8d5f6476bcc5e0ca6725988b4efeee260d5dc2e975

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 ab53b2c72b3658ba83cba4b004424a69
SHA1 af26bd4ca8ec9467a51dd600ea288925859729b5
SHA256 a5c24abfb3fa7cecd2c40c8e6c9c71aa7cf4ed45317cbf4c40ab97cc39290cef
SHA512 fabd628fc4e4b962d9bf640d7886be12da5cd1bf0f2fccb09035b380f7ccb8a89c592cf0ac480cba14a0ee96122d17a36bb95b7340be9d127e54b312feb51255

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FVEQE5RZ\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FVEQE5RZ\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FVEQE5RZ\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FVEQE5RZ\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5SZP9UO3\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5SZP9UO3\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5SZP9UO3\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5K96USX1\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 040c26b6df71b3d4539cc49ccbdc71f5
SHA1 9114a7e778ade95e10a57170b74bf6b4a6a7c2aa
SHA256 57eae9104a2a5e699d6f563ff438052fac9777bbe072ca0d855294cd509bdf36
SHA512 4ea292045c41f14fde25cee65910f933db065a1360b9d3dce44558c18524e5898b4448a7dce5bfd5ab3d8c87c3a466ddde3affec288b47739b61921d99bebd0d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5K96USX1\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5K96USX1\desktop_polymer[1].js

MD5 69998e173b8c146479488bd8d7fbfab3
SHA1 d343051522769f5c16586f6a67e045d830433597
SHA256 cc3eeb6e34a2db5a5b28937da61f6eb2bb56b0dd2eb1e26d0edf2f97450c41f2
SHA512 9c37ef552bec6e3d0133ad1a38ca422f2bc35aa0361215ad73d6244b8087761859f7f02202f2e119aa260dff60941caa48a3a818693952e2290408b1342cd979

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5K96USX1\rs=AGKMywFmFK9jjLIxwwWN4pEJoCiBPHkrmQ[1].css

MD5 27de37132b983b7fac907fa7efaf7c82
SHA1 4125ee5d6d304c4e691e11f18a95f30f299321cb
SHA256 ad234deaf3f600a53da0725a32f21b3a1b79fc2113c48c7a8f1361ddde3aa7c8
SHA512 bc246cca304011ac72ae73ac1ada881673c7929ecefcfbc5ed38d1b244bfeb3167a58d5a3520734adf4fb19e72edc1137c818c7a305a916f2797433cd0637497

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5K96USX1\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 693cc7525580c30996c6b2172aef91ad
SHA1 31f5e817fd28220c35424749ed183c5fedf410fc
SHA256 194aec5529362ad154fb99cf01eae3181d9ec9f602473b06bf841cc342a934e2
SHA512 0d22df456c9f83d9682043cfbddad4abbc96ae2dac8fb81d22b8f0ffe7cc7c564c5b6ef520d7a41320af6092ad08c39f4fe3fcc451cb58fe89e4ca8ba34f0a22

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5K96USX1\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5SZP9UO3\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 73471ee8536256d4f880ba1a8be8dea9
SHA1 6cca6bee5ea28ba153f6c013cd8a7a249edc64cd
SHA256 2135523904a99149a0f818b10705316c7191e2cd0aab3a391d8de409ca406e2d
SHA512 90ca381d744c0fc0110b4ac15b4b683281de4947845a15b907ecaf83c773ba9ecbc1a5123b1df772730a3268872a5aa270fb9284d45af353dc1a26ec75b4708a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\datareporting\glean\pending_pings\db5cfb27-db85-4272-85bc-85c865a0f30c

MD5 389cda6122fd82f0a3227b0a2b73f503
SHA1 e0f90ef27e57d7db2931e3be9cf073c7f007221b
SHA256 0665cadb8602308468c3ba6a7bd8b9cc9f1508f710821511f2f5716d9a8d0575
SHA512 b740418bd8cf246d59e5f9d3cfb8890ec531f76328de0a1b017fde0fc123d8ae989e6c04bd40412a62d596b798d0846295ae57a69a33b82b0b8660061e34ffa2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\datareporting\glean\pending_pings\23e26c46-a1d4-4f2c-982b-1c7a14d94adc

MD5 e53536b2bb2349b853f1114d202bf568
SHA1 80e70a2b0d3ece0c87a41ae5e70f36d21c467b8e
SHA256 323f7a3492253736ec465a6074e17f85210255089b309a55d8df5ce916768b14
SHA512 26f40c5790a62c8a759e0e658577042606aafc1e63f48ab4dc214d6d1beb7024f1b6fc5c6858d41684ae20d1b6972503a65bbe542fa84139bf6c964b620885aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\datareporting\glean\db\data.safe.bin

MD5 b4f8ef600e1a58c05821d083a72f80f6
SHA1 a90a7f6ab374548c4f9ca0b4ed8a69ac5729375d
SHA256 448c2182115170a6e96a6b1737e3bba1079ac20b1101eaba3f38b3d900f4fd1b
SHA512 524d2271378067b74aa0755e43a94f73812639dc4f2e900f130e67364c17fbb03ecf6973c954c8664deaae0d589a8ecd846ed0bb280d1c13a37233dd79129568

\??\pipe\crashpad_1248_GUWPQAARBPJNXWOW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bac3404a357d6d9b7792a29482f87d37
SHA1 10985136dd1fd07b356cb10a182ba5c04ccaad80
SHA256 8b2c0d15bb136a20e56688b3e5bc5bc8ea8b3e2eecf561f4c9a6a46fb98bf6db
SHA512 ed485120f6a8b623425d48734947cce6dd0e6ad06936ad5cafa6d736b335d887a928c3939970b3865bfe0592ff22331d1a89edfc5f77ab5486e87469ff61bca6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a13cd725e63d418ddfee0763403136d0
SHA1 60d96804eda047b0243d8a252aee93a9a2fac4dd
SHA256 bc95b9f5fbe5fcf96ac96ef38c27f30e12c5162b2ccb9ae61a90e9f7fadba1a7
SHA512 6afcea033eb0bf456773eba9a94f2d22b03f9351eb0c3f848b54e76d3fab7770f7822a6c90caaef4f553339e5e3d35f777fc937fcf5df6a9a0f5dfd8d9433c25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7d0cb0cd32cc1b8bf310f44eef378525
SHA1 49417037c8c233b8bcccc289269f85164c452564
SHA256 8eb15606e7af8b680960299ee973bd3bbf5cea8b4538230fbff4a0624732d081
SHA512 e6677f0c8b97390f2c1dfc467d095a7a293c5b0e8e86ee3056b3dd391b7934b51608c82bfe1b84fe3676b1c11d3209d25d6f922128286078eaf8ef92af1ecf84

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\prefs.js

MD5 8c99121ae842072526e8ca8e511a7092
SHA1 2b61b58497d3c62a717ca3418bcd617f92f59729
SHA256 eeba72e5bd30b7ff81fc8dad874918985fd157a64134164c02effeee71e39a70
SHA512 8443f3e2394ec6662e1f6c7d663d6a750ae16757c4059841e1ea455fd0b80f6c680cb66cf811002da7bd7fa9ebe7905e4c40fe1f4403a7bc6b8118ee671c919c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4520bc6b1b53630444fa4928e1053317
SHA1 d17cc40f89ed6778e7bd2b9f1fdb7b809d1a281f
SHA256 a07c612a232509e5b7f272914574d50d643bde9af0e3370edd6ecd492a52d0d6
SHA512 3e367f44c83a131afdcb7f27b2c77ba55a0b3c2580546d452fff87ff8d46158d4bf08beb5210937bc5c1613288215fc633cb6eee25fc06a8948be8121033773e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\7HUGAIYY.cookie

MD5 be24b472b708ada96d7c97a7e17460a6
SHA1 b277cf546ea527a58b4c1cfe4326a60d30bb5257
SHA256 9b3247e2a0a0e15148e6f00ebb45eef07f6d32892cbd42319a527c4399001970
SHA512 fc5afd526a8199ca1e199ebf8ad2bc615792b3c41b16b254c52c897d369106f02339bd7f75b19b9cff931ba0e9bc79d8aae5d4df996fc96b21fda68b70c80067

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lq89frqa.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 a63f98c6f341bf60f9c78e112bc2adb2
SHA1 9220c135e32a78fa2b6617e66ee9c609132c1a60
SHA256 b3d064d20bea7d1da140fecbe5648109afce27ff41f186d1e094b71ebde478ed
SHA512 81f750224328774aa091ad10c0f06cfae505a616fcfc10f7d29ffc98fd5db5939e84de47da3b39e9b7cc5a46c48bfa1cec2ffc519909fdfaa4ec9bee8cbf3b7e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lq89frqa.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 e8720fec2e03faae3092eccb4cf5ec5c
SHA1 7068429133cdd0319d62868cb36490f8b2a63e03
SHA256 55117c2dc93e63a64b41b102d1a1029050106e59f208b0db1d3c248d9548c903
SHA512 07465e58cb8e9177193a1e7b1e9300ca1b3d7adbcb630269e9a4325b118232c3f20ae23eee404fa33e2dd2cac6e14371a7fcbe6d8a90825d7164065126050c14

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\prefs-1.js

MD5 9c05d42e8eea8fb01bb1eec23316fd89
SHA1 320fc90dafa845f50e5420c945e5dd677e4780ae
SHA256 d80147ca6b96f92338037673618783c51a0aa129eca80abca481fd5b7d8e3f6e
SHA512 0decc335c96a3194240ad741c09900341fe85b1bd2ad894a8e6ca384b17f17d0f7ec4b0cd5e1f46d282b4d4d06a16ffa2479426fd7dc95ba18157488c24ccc60

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ee4de0649b72ac9a645084317996cc0d
SHA1 fdd58d7d91db19de10f0e9ca1646048e68c5427a
SHA256 a6e3e4c8d79f3ca4868059f4b9cd423b1f42e6f269ae555d08526dcfeb6f8250
SHA512 ca10245058d236b78670da7c7ba6825e3e1174fdc1867fc8a69e37a3450e5f6467599d6d142f5f258ddaba0747d35b6ce4eab53c4048126ce93a5530f8b59a1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 638b99c30633cf2a77d4ff1e756fdb7c
SHA1 f367e91c77663eee826a7f1bdb3b210180adafc8
SHA256 82bc7df5e393715280d2c2521000292d9aefd7adccd7db5248d624e479579235
SHA512 0cb8bf43a564176692be7b85f9b6539cdc157350278f92464895413516f7577c4c2f29e2925c91464cb73f88d41a74a980084d09e651669b8f6ef9ffb05fc544

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d342315cc615c4af9f00b366af050c66
SHA1 4d2ed6c5057d161317b856f0b48772d9905eb8c9
SHA256 b0c9364541c0a3bf7c2fd4241527aec4800b53e4efa562e0604cdcda6b4eb72d
SHA512 dd3698d7527611eabedeef2d6df20ab2ad7bed9d515aacbda4e59026077bd56e34e63b3a84d7a102e795fdcc347196be36a942db30c0ddff8706abc0e92b9089

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dd8367bed0ece14c98d977ae5c3ee4ae
SHA1 1384f9b51aac47e9a92aa97a6e46bc82adc7095f
SHA256 2d99360bf3989dc8ebaf94d2a9111d452ec018905830b494d612d1e6b2ba542b
SHA512 3c71bef3d35f8fb2205031c51bea102167bea1541279180322241f16ec0066dad002b03fd4a3efee99c84100ef2fadcabb00e51ca7de5a4f2530965383f8f935

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5YQIKD7Y\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 15666b6ddbe307c6806064ff5aa19dcc
SHA1 1419a5c43fb35399ba1a07535219825466a0a656
SHA256 b62a4058050a66f269dd58b578d2a40fcd60ebe2102727769b4768da4420e665
SHA512 c798c2bc1dd9fb5e6c914662781244fea636b4bbd406cb94f8e1082bee753bcf9c6721cec3ca6ca492efad3ef9385920e18c0d1399df458f06144f005e30bc10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5839e7.TMP

MD5 584c02b5e2dbf601b3b54c327bb0267f
SHA1 07aed4789c23d4670d69eb27d69dab8e2919b387
SHA256 9781e158461e279345e897f9d924f8a388ebc6a3579e07b74060351cde7b5d19
SHA512 4c9bf133a9355c865712560fce06a86f5c934fbd9f16767185c25f41d47dedc127dddc64b96e6f181ace767582f6ed9cb31de5341074a9e07340c642761f7779

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ffbdeca270b2fafa336549c72732f34d
SHA1 6af2e52213e0ef91a29dd31e03d18bb733bcd944
SHA256 ae39c36b06d6df34df1e7daa22ee335dae5c408de834a9bc50735f535df6ff34
SHA512 255106c137e3117143a942ba197d1e67740d7ed5ba0339bfa0878b289e13db7f524bd4739e0d67aee4870aa59f527402014da1f25f502cd328584011262a70cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\sessionstore-backups\recovery.jsonlz4

MD5 24fa4db7cea378136627886a6d2e12a0
SHA1 6d016fcb01fcd733dd181a0ccc5a92a479407426
SHA256 5af722e54d833de580ce686717859e582d73dcb1847bf463e5f4e4e763dfd53c
SHA512 1cab4c5593ee91edc323d3766bc8fb9c05ddac10e49a65c064e4fa01d44b4bb78de7770651d75b5d951a4cc35cac83f9048720454ee1157cb7511f420a9cfabf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\storage\default\https+++www.youtube.com\cache\morgue\18\{b810b268-a6be-4d72-bc8f-022d9e439c12}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 45e3543ae7733f062abf350259322ecb
SHA1 18c7d5dd3bf447d29c4ff482307a69992ef2b86e
SHA256 34604a8f35c600a11b3648df0a83551a542909cbd7b7fbbdbada97fb8d78dc65
SHA512 89144f8e5d935b9fcededa1e3e120d32cbded6f25bbb1c2c44ea567ae720823c5d4e2d50a0298b467afe09a48b035de8049904da47d80dd44b4581e5310acd3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\storage\default\https+++www.youtube.com\idb\2657180601yCt7-%iCt7-%r3ebs7p5o.sqlite

MD5 784218d4eb6490f71a0caa2ec4025480
SHA1 dc8f4bc100dbe62bfe1dd4b74407dcc64345b988
SHA256 c92f64f34f91eb58f02721b89d5f209091a623c21eaf0c0feae3d42c13b838c6
SHA512 ca9cec831ec5c46df288ecec2760b2b91defe3316c641898bc9609d9fbc5ace7a9e80b657ad41479e93a8152d11d1576dabafde04c8f4bbb0a2826db848f373e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\prefs-1.js

MD5 0a0ff42af50647458049511cafb708c8
SHA1 8d42f91892299abec99544e28c9ccc79ad3c294f
SHA256 77b1e1684d93b17dfe6916232de1051a618c6082a9457fe80e9984ffddb3a2e3
SHA512 e67296d6ecb2f4b578081fec20854254ce9695a085291ee37719d027479e8c7cad04b589fd2d9b436d4e4788ad739554193de0708aa249ab603abe7f4d231e2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9d41b1b4f9b67d82a2b069ac667518c2
SHA1 0739e099b78e271e44473648417e5e61d46443a3
SHA256 52be09708710eaf2a936e788e59018efe093aeff3c0f8d06a5c512ac8626c17b
SHA512 4a7902424bf5885830a9a9c748ecc3b4d54e1c65e719214a35d85c57ae1527ed1b4fd273ad1f949923e1d1b79fd37d5403bbbabbb5fd1042dabe41d97fc52f77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e91c66296f0bde9ca045a2986804eeec
SHA1 d60a6c5907e1d2792e75ccf87dd2fa130d63ab61
SHA256 4ef4048270d2f1259a72b68b7997919ff77896645ca3c56b77f1eab68cd87ecb
SHA512 cdd1c29640f1c1a45d832b08dae9a11c6cde50aaaa2323c94f58f41c50cfeb88312a58aa9512e9607c983a7b265d80b64c5ad498ba883e206de9321d8e8fba9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588865.TMP

MD5 c9e6a432e609faba526779830a9cf779
SHA1 7e28c998172c66569b3ad08ee6bce144ced142d3
SHA256 d876965fb264367ad7757d7c658b2d1292c751ec6ca7f4e110db08d4c29aedc6
SHA512 8b5b5b2ebaf7437865221d856ce2dfa9d998f35c3e18e703702a4cef816e195c4d7adb49d3246270fdf667383fbc27b12d22aca5368b9820a81da0fb39b612b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 256b8a1b84fded0c56468abf0a0ba0ae
SHA1 8cf55ae25c748db7ef80cdb99d884f1cc583459a
SHA256 92556e7e30b04bf846a3cd18d3ff7389fc6c7b0a5de1aa680faf732010ffdfaf
SHA512 8b3bbada1dcf8cb4746d53355e5a8b963d81968522719a993056365c1792ede571a9c4a7685ce6d803de7424ff026b23a52be3d1618fcf3b94978db4b3f7aa5c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\prefs-1.js

MD5 f97f6544c3e5cfc1ed1b828c7a9837c8
SHA1 4e6e2221db0d54f6edad9229e9ad73e866f7982a
SHA256 7989b5de000d23e4593986f3f19700e4095cbb01532944987db7e7a202ce6257
SHA512 6e8d76ec29c4c0444669584fb0d03b1831d95683147325bd19e61555c514a82d9fc6c673928ea8ab3963a4bcc6c411120c2837840c6b85399e78f048bbbe5fd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c32ed0c5b0273c04e7c09e8c2130eda1
SHA1 1c514dc5ec7102dbd17ee3ecb714f55bb4673569
SHA256 cf9519b8001928a8bdd8bd4cd0181cc5b3e2e165859b56ff6f3248d9361875a1
SHA512 4a21ad1cd9ff3df4087003f18514292afdf3156b18c3517ec14696c0f6ea7fde49c2dad26ac8078ef3658dcb0c02b07bcb3e09be63deeabc72129e24de97ad35

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6OJ32R3G\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 3da67f72beb2bc918c50c0b09d703498
SHA1 4c3cc781eef2a0cba34a236690366fb3c737b765
SHA256 de7d893ddf1fdaeaa94affff0e8e03f160817de06e85d125f8cf3673297d6121
SHA512 ba5d90975e1d1ba2c5cd201c1e85e4d2eb4ae7ed12d874283b2b9102fb0e16b4af8958fca085b4692b46758f087bf0300c7bc275b3317df73af2e49093168447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 dcbd0bf905a34f76235964474df1f2c4
SHA1 f26058f8fa02e188fcbd4e01bf694db844342ef1
SHA256 43026d275209adfe3c16b1daf6f44de6740e529d8f71b9762a9ef9f227c27ee8
SHA512 dbb3e12c0765bbf254ce830e9a0518139021c7afb4c00eb77a8485da196f63f0c56a0fd0f89494a4ed16070ab1faffb13784a031271bef2e90814b3cf0dce6d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e4ba6cff60132e4670497704d11bc659
SHA1 a3565a8a589cf87c83ff0f90ce5be41bb5ffc837
SHA256 ec110f96b61404ddd0d464b54997095f6c5ef0edfc7b3cb74016a58d22ec3267
SHA512 35bdcff30640675528a0431cd5e12d0568efd3e4f1388d66091cb58e8ada8d013545d5e406616e185f036f7c6e96c6b05dd69fb86af9b1608d5a0ef2dff2540d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\sessionstore-backups\recovery.jsonlz4

MD5 465f0314c89cb0ebf1df350f21910027
SHA1 6b8fb8c484ac3711835624aef2a9acbf12ef59c6
SHA256 5339eb668eb06325aa1d247a98a22297b342b70ccff83c316a8467088ca22f07
SHA512 e707c6e53fbbab867de641cb2f2250564d7a2695be3904186bbab3ae47f6c772ac3c77467e77746d7cb1299bdf64b8b164da20bcbf6deb93f9a32a454ee77385

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 721783644f7b946e3ea511fc6ac6e221
SHA1 d4eb8bc1c814f98c1a94384389e2b7a9e86de35e
SHA256 7d0068d6180518af19506c7c15ffc6e09aeeef1d75cc093a89279224e172c483
SHA512 54794172c1c511009b260f69194fe3ff93ced4c42780df10e584ea9fc092489aa6b289e50378496933c4b0aaa442fdc30c18c2d13efb4c97163fcb920394f3e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 218cebab80e22a6d5f061ea506f2ae74
SHA1 1d1710817dcb206c1c41cb3841d7fd4a179e99c8
SHA256 24bab22316482060f1111473130c8c77cc45b87d7797b54cd300ef5a763c93ab
SHA512 671e17f93d9eb9800d5f1cc6134371e417fe377b0506d765904477f889f999cc90521d00a768566b20f670a9be6d989adbb84ed8c2167ef67c644a84389edd2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
