Malware Analysis Report

2025-01-19 00:30

Sample ID: 240506-1a1ekseh97
Target: NotMyFault.zip
SHA256: e26db5a12a6e1f83085cc40446a0b8fb6e322b989c46f4cb649a955682c15de4
Tags: microsoft, phishing
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: e26db5a12a6e1f83085cc40446a0b8fb6e322b989c46f4cb649a955682c15de4

Threat Level: Likely malicious

The file NotMyFault.zip was found to be: Likely malicious.

Malicious Activity Summary

microsoft phishing

Drops file in Drivers directory

Detected potential entity reuse from brand microsoft.

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

NTFS ADS

Suspicious behavior: LoadsDriver

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-06 21:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 21:27

Reported

2024-05-06 21:57

Platform

win7-20231129-en

Max time kernel

1725s

Max time network

1657s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\NotMyFault.zip

Signatures

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe | N/A
File opened for modification | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe | N/A
File created | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe | N/A
File opened for modification | C:\Windows\SysWOW64\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe | N/A
File created | C:\Windows\SysWOW64\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe | N/A
File created | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe | N/A
File opened for modification | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe | N/A
File created | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe | N/A
File opened for modification | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe | N/A
File opened for modification | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe | N/A
File created | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe | N/A
File opened for modification | C:\Windows\system32\drivers\myfault.sys | C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe | N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File created | C:\Users\Admin\Downloads\NotMyFault.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: LoadsDriver

Count | Description | Indicator | Process | Target
18 | N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Count | Description | Indicator | Process | Target
64 | Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Count | Description | Indicator | Process | Target
35 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
4 | N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
1 | N/A | N/A | C:\Windows\System32\msdt.exe | N/A

Suspicious use of SendNotifyMessage

Count | Description | Indicator | Process | Target
32 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
3 | N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of SetWindowsHookEx

Count | Description | Indicator | Process | Target
3 | N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of WriteProcessMemory

Count | Description | Indicator | Process | Target
3 | PID 2932 wrote to memory of 2480 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
39 | PID 2932 wrote to memory of 2768 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
3 | PID 2932 wrote to memory of 2704 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
19 | PID 2932 wrote to memory of 1416 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\NotMyFault.zip

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ef9758,0x7fef5ef9768,0x7fef5ef9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1664 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1408 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3408 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2008 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=720 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3880 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2404 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1628 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1988 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.0.545813307\673730648" -parentBuildID 20221007134813 -prefsHandle 1260 -prefMapHandle 1240 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8564b9a1-6438-4299-bc46-499a85ff799a} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 1372 3dd9d58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.1.297561447\180025364" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 20681 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fa9709e-5540-4c91-b2dd-d0780001fa25} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 1536 d71b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.2.556714733\1960753194" -childID 1 -isForBrowser -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20719 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d129b6b4-ad37-4075-b34c-5c7b3dc76f01} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2316 1b5ecd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.3.1373717128\1304347327" -childID 2 -isForBrowser -prefsHandle 2764 -prefMapHandle 2760 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd4223cc-4373-48a1-a57d-f6047ced64d3} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2776 14c88858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.4.325185590\497124" -childID 3 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5750e67e-b2a6-4dfd-b33a-9e8ecca2c390} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2912 d61e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.5.1296317246\26289970" -childID 4 -isForBrowser -prefsHandle 1972 -prefMapHandle 3824 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f28124a-bf4c-41aa-8856-ac1104489f4f} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 3856 18fafc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.6.1380645488\1583238588" -childID 5 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ffdea0-cd12-4b22-91e8-98cd7f3aff7b} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 3968 18fb0558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.7.1630389350\1222017442" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6845168-2f52-44a3-af2f-ca5615ce8f11} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4144 18fb0e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.8.111290849\1443848483" -childID 7 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 26477 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {150f3f62-bd28-4e13-84b1-73ef14f0b765} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2824 2102be58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.9.1062880124\1216661744" -childID 8 -isForBrowser -prefsHandle 4352 -prefMapHandle 4036 -prefsLen 26652 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07439ff0-ce2e-456a-8736-5d7edbae50ec} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4008 22b6a458 tab

C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe

"C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"

C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe

"C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe"

C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe

"C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"

C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe

"C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe"

C:\Windows\system32\pcwrun.exe

C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"

C:\Windows\System32\msdt.exe

C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWFA08.xml /skip TRUE

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bv5bycnd.cmdline"

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFB8F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFB8E.tmp"

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\phs_uobm.cmdline"

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFBBE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFBBD.tmp"

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iyr-zpxw.cmdline"

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC1B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFC1A.tmp"

C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe

"C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe

notmyfaultc64.exe crash 0x06

C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe

notmyfaultc64.exe /crash 0x06
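The listing above mixes three things a reviewer has to separate: the sample's own executables run from the Downloads folder, the Windows Program Compatibility troubleshooter chain (pcwrun.exe hands notmyfault64.exe to msdt.exe with PCWDiagnostic.xml, sdiagnhost.exe hosts the diagnostic scripts, and csc.exe/cvtres.exe compile generated source from %TEMP%), and the console tool being run with a crash code. The helper below is an added example, not part of this report or of the Sysinternals tool; it parses the report's "image path, blank line, command line" layout over a constructed excerpt of the entries above and flags those three patterns. The resolver of the troubleshooter target (the quoted argument to pcwrun.exe) and the crash-code regex are assumptions about the command-line shapes seen here.

```python
"""Triage helper for a sandbox 'Command Line' listing (added example).
It pairs each image path with its command line, then flags binaries run
from a user's Downloads folder, the in-order chain
pcwrun.exe -> msdt.exe -> sdiagnhost.exe -> csc.exe, and any
'crash <code>' invocation of the NotMyFault console tool."""
import ntpath
import re
from dataclasses import dataclass

# Constructed excerpt of the report's listing: image path, blank line,
# full command line, blank line, repeated.
SAMPLE = r"""
C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe

"C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"

C:\Windows\system32\pcwrun.exe

C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"

C:\Windows\System32\msdt.exe

C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWFA08.xml /skip TRUE

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bv5bycnd.cmdline"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe

notmyfaultc64.exe /crash 0x06
"""

TROUBLESHOOTER_CHAIN = ("pcwrun.exe", "msdt.exe", "sdiagnhost.exe", "csc.exe")
# Assumption: the crash tool accepts "crash <code>" with or without a leading slash.
CRASH_ARG = re.compile(r"(?:^|\s)/?crash\s+(0x[0-9a-f]+)", re.IGNORECASE)
DOWNLOADS = re.compile(r"\\users\\[^\\]+\\downloads\\", re.IGNORECASE)
QUOTED = re.compile(r'"([^"]+)"')


@dataclass
class Proc:
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        return ntpath.basename(self.image).lower()


def parse_process_list(text: str) -> list[Proc]:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating image / command-line lines")
    return [Proc(lines[i], lines[i + 1]) for i in range(0, len(lines), 2)]


def troubleshooter_chain(procs: list[Proc]) -> list[int]:
    """Indices of the first in-order pcwrun -> msdt -> sdiagnhost -> csc run, or []."""
    hits: list[int] = []
    for i, p in enumerate(procs):
        if p.name == TROUBLESHOOTER_CHAIN[len(hits)]:
            hits.append(i)
            if len(hits) == len(TROUBLESHOOTER_CHAIN):
                return hits
    return []


def crash_invocations(procs: list[Proc]) -> list[tuple[str, str]]:
    out = []
    for p in procs:
        m = CRASH_ARG.search(p.cmdline)
        if m:
            out.append((p.name, m.group(1).lower()))
    return out


def triage(text: str) -> dict:
    procs = parse_process_list(text)
    chain = troubleshooter_chain(procs)
    target = ""
    if chain:
        m = QUOTED.search(procs[chain[0]].cmdline)  # pcwrun's quoted target path
        target = m.group(1) if m else ""
    return {
        "downloads_executables": sorted({p.name for p in procs if DOWNLOADS.search(p.image)}),
        "troubleshooter_chain": [procs[i].name for i in chain],
        "troubleshooter_target": target,
        "crash_invocations": crash_invocations(procs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The point of isolating the troubleshooter chain is that it is operator-driven activity (the compatibility troubleshooter was launched against the sample's binary) rather than something the sample did on its own; keeping it apart from the Downloads-folder launches and the explicit crash invocation makes the rest of the report easier to read.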

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:443 bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 13.107.21.200:80 bing.com tcp
US 13.107.21.200:80 bing.com tcp
BE 88.221.83.187:80 www.bing.com tcp
BE 88.221.83.187:443 www.bing.com tcp
GB 142.250.180.3:80 www.gstatic.com tcp
BE 88.221.83.187:443 www.bing.com tcp
BE 88.221.83.187:443 www.bing.com tcp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r1---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.gvt1.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 52.24.210.222:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 44.233.67.78:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 ac.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
N/A 127.0.0.1:49902 tcp
N/A 127.0.0.1:49910 tcp
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 8.8.8.8:53 e13636.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13636.dscb.akamaiedge.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 13.107.246.64:443 part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 13.89.179.11:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdcus15.centralus.cloudapp.azure.com udp
US 13.89.179.11:443 onedscolprdcus15.centralus.cloudapp.azure.com tcp
US 8.8.8.8:53 onedscolprdcus15.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus15.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 download.sysinternals.com udp
US 8.8.8.8:53 cs22.wpc.v0cdn.net udp
US 152.199.19.160:443 cs22.wpc.v0cdn.net tcp
US 8.8.8.8:53 cs22.wpc.v0cdn.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus06.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus06.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus09.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus09.westus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus08.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus08.westus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus05.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus05.westus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus15.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus15.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus22.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus22.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus05.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus05.westus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus15.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus00.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus00.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus09.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus09.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus09.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
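The table above is dominated by service traffic from the Chrome and Firefox instances launched during detonation (Google, Mozilla, Bing/Microsoft telemetry, DuckDuckGo), and a reviewer's first job is to make that noise countable rather than read it row by row. The helper below is an added example, not part of the report; it parses the table's "Country Destination Domain Proto" rows from a constructed excerpt of the lines above, separates resolver lookups from connections, counts connections per domain, classifies rows with no domain (multicast, loopback), lists cleartext-HTTP destinations, and shows which hosts were contacted without a visible lookup or looked up but never contacted. Treating 8.8.8.8:53 as the sandbox resolver is an assumption taken from the table itself.

```python
"""Summarize a sandbox 'Network' table (added example): separate resolver
lookups from real connections, count connections per domain, classify
destinations that carry no domain (multicast, loopback, private, public),
list cleartext-HTTP destinations, and spot hosts contacted without a
visible lookup or looked up but never contacted."""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt of the report's table (columns: Country Destination
# Domain Proto; the Domain column is empty for some rows).
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.3:80 www.gstatic.com tcp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
N/A 127.0.0.1:49902 tcp
US 8.8.8.8:53 download.sysinternals.com udp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
"""

RESOLVER = "8.8.8.8:53"  # assumption: the sandbox's DNS resolver as printed in the table


@dataclass(frozen=True)
class Row:
    country: str
    dest: str
    domain: str  # "" when the table shows no domain for the row
    proto: str


def parse_rows(text: str) -> list[Row]:
    rows = []
    for ln in text.splitlines():
        parts = ln.split()
        if not parts:
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"unexpected row: {ln!r}")
        rows.append(Row(country, dest, domain, proto))
    return rows


def is_lookup(r: Row) -> bool:
    return r.dest == RESOLVER and r.proto == "udp"


def classify_dest(dest: str) -> str:
    host = dest.rsplit(":", 1)[0]  # IPv4 "addr:port" as printed in the table
    ip = ipaddress.ip_address(host)
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def summarize(rows: list[Row]) -> dict:
    looked_up = {r.domain for r in rows if is_lookup(r)}
    conns = [r for r in rows if not is_lookup(r)]
    per_domain = Counter(r.domain for r in conns if r.domain)
    return {
        "connections_per_domain": dict(per_domain),
        "no_domain": {r.dest: classify_dest(r.dest) for r in conns if not r.domain},
        "cleartext_http": sorted({r.domain or r.dest for r in conns if r.dest.endswith(":80")}),
        "connected_without_lookup": sorted(set(per_domain) - looked_up),
        "lookup_only": sorted(looked_up - set(per_domain)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

A host that appears in a connection row without a preceding lookup row (here www.gstatic.com and ciscobinary.openh264.org) was resolved outside the captured DNS traffic, for example from the browser's cache; a name that was only looked up (download.sysinternals.com) never produced a connection in the capture window. Neither is a verdict on its own, but both are the rows worth checking by hand.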

Files

\??\pipe\crashpad_2932_IZBPDSRHCHSQZPZD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar9EC4.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 a484f2f3418f65b8214cbcd3e4a31057
SHA1 5c002c51b67db40f88b6895a5d5caa67608a65ce
SHA256 79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6
SHA512 0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1605a3fca9956c65f6476b914de26df9
SHA1 fc6e17307008469f4ccc6be3440e59a9faa5b88e
SHA256 da061a872b1ba85f27a7caf1b011a508621a19615976bc3d830c7c64e48551aa
SHA512 817c438601990a0320199e1628b2d9ff0fe09ef11ceba9ac620e31b851e0940e1487689f0571b04270c095c90edddc0e6771ec6217a9a2da6e549f1ecf2a4cf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 f782de7f00a1e90076b6b77a05fa908a
SHA1 4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1
SHA256 d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968
SHA512 78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8bf8cf9c356ea325d5d68844a2e5610
SHA1 99bd9aae31145571e88fdd43019d52de9fe906ed
SHA256 0a80c5b15b1be849443efa8cfa20ab0b808c33afd4a947e326a1d87e050eff9a
SHA512 c53abf6f3633315652b457167c129688373f92f64b48ca0f9b3cb122db81ef8f970f1dfdef162c83afae5f045da78a4c901ce9e88d19032f8f18bd9a9a4d05b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 56ab629042b155cae4f8a5e3696fdca6
SHA1 972022f0b669f0ffee5d1b2bd974b2a1d22b558e
SHA256 00714dcabb9bd685e73565c8da9a443ed0ace1059b79d2d9e25279c35cdfc801
SHA512 d5a8a4976112c4b5806d49a31a6007113e070c3b92dac5a8d7d388afc2613485b0023b667bae63473d41819df86914846b883c6080513ea60c6f5937a5144a22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea82729537570feabda05dc73f95b8d6
SHA1 30dd87e0c50a05e98458212ea53581d831874e3d
SHA256 0bf341b9c5021e88e08441b4509dd38c63bbcfbafcb1c657770217e9cb5b1738
SHA512 a6f9f512ddee4d09af92eea084b87fe770c5f82ecced3487058ea8a7476aa3f6381d68e22fe4e48f630230b687930a21afeca994bf0f5fb29d110f923f645b1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d287f735f4ac0065_0

MD5 f9c25d960890b681a440c29950438eb1
SHA1 5802f2f82c9a7dd6627640c4c06119cd5574a177
SHA256 8d18cb802a335d5f5af165a3286eb7ebafd424e6235a50a10237f6392b10d1bc
SHA512 a361383c8895d75d046ebfcde6e00ffef21cd34fc4bf85f288ad947e1177edbdb2d88150b229e9af42f71d697e62c9fca95261d8ce37090617bbd9a17b4f863c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c03a66f55691377_0

MD5 9063b78748ae3c344cb0506693e25068
SHA1 a3055b3a43b0b364461d23a82746c58988b522fa
SHA256 ca1fbbafe92c8fb780e961a86e0b97cc7a615e1aceb199eaceae58b7367f1aba
SHA512 d567fcbf8b374f6d2ec1065a43623f550b57c921f198c5595ec1b6f776d841b38c95112a0bf7cd5382c2f26d7e702774f112f43fcf560eb0490eb5d59130b77f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c35eefe94f0ee438_0

MD5 b9c5d5b4704d83eb30b9497df9da71e3
SHA1 7cea60c22655c7bcc16d4c554e1b9deadda41a96
SHA256 78ca6a3dbd9bd1b14e5f3cdb9d20f2902eb0098e545799b36ee845ac317e6284
SHA512 c3099b3d9a94fa79109c85b37511b0429b6f953bb73264112ee4e9f8a2655433770aa42e0c9f894bfa47240fb6b05a77b0f359b8eeac216924f47b5a746c2414

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09d0fd92f8e726a7_0

MD5 18000c420ea180823b38b1eb5b1bd24b
SHA1 114a364023550c2b294b37996da7a12f7b822052
SHA256 7263020a9cf19882504de1b53f05195b69e63c1a0f24fcbbe13a3d82cfe6a3ea
SHA512 3b88bb4b433c65bcbd93e08abd0252264caa4a884aa2e7518bb135526b42209a2ee9238a07fa0b7a0672dee346709f825087f775c51864c5489a0ab334c28a3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 76e1d14ce2f9e433d34edf84d46a5f74
SHA1 e2939ec90b7e081626c065e28fede207eb7e66ca
SHA256 c66ead0fa3f2ebf8a0c3747988b9d913ba363e7fd12fc83b84e407d28ef8f32c
SHA512 0232ea01bd4126daa256d3d2dca22a3627a9345d7998d1b44144aea8e1abb6d9710ba03e0016e8362501c7041256c49062086a5ee5d4f1d50eba22760d412df8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9f792dfa93ef83500d97b8f336aafa4f
SHA1 2fe5e59c192c2657745fbc215808025b58b2e9a5
SHA256 608a0cc3ad657d5e6b57a6662c88c3cde685d20a79135abb3ac80a0dd4ff6332
SHA512 6b934ee2f4908efbbd510200a6c67e1b4f423ed894218e958a1881b5e10dee8f4278dea71818cd04f412c9d175d83a05618fe3e832b8196b7b481d0b479afb68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04262b97987c32c96eed460a289d988b
SHA1 7e1fa2553a5cd74e4734b268290f9250f067d6ab
SHA256 a54106e863369d892df28f869284d72e6443e60c2816f52d16464a2243249235
SHA512 ed9eb15146f4f348ff26e22a815dd634f36ebc9269a3c5a489cd0beb938e2130c6a49acdcda1d7263d6f69ad759af68c7894cac64c3c34eb776aa5a4102e8098

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d08860bcebde550a1be9a5423280e872
SHA1 20634e6af867e77e703ad501eb11fa8d76889f71
SHA256 6828adb1d84641134cde9777c41f54d0154e4494d324264feea83d8ba4d0918e
SHA512 8ecd60cec1b071b2751b2b749c29293b9a62a411ea35dc747ad018babea03e004816b5f3afe08a71d1bbb790ad37c11e4f28d31c730b3b04390ef1eba056066c

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

MD5 4604e676a0a7d18770853919e24ec465
SHA1 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256 a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA512 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c63e1acf7f20b1970b52bdc8784b5eb4
SHA1 54002c2cc2f88b8479acb5f6dcd9d5aabb158867
SHA256 46148bfe10b2aa5d0582de39702bb32eec24cea14a77772528ca30fc6ab193f1
SHA512 395464e314f6a5732dc5b0e60ead97c0e94bc58e7944b27145ff596edbe7d8eeccf8daf95d02f1276944130bdb8591aa9c68b142a123a6084a056bb9f4c559e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 347661375e259aa553e5fa200c12dfb1
SHA1 8118f5f9adb83c8867029f24161b035d24db2f75
SHA256 0a7e931c2ad99443dee9878af362acd35d7efda690e38a3f5ea32b7e6f2f4629
SHA512 ed93adf752bae678c4fb08cb5c4a7e9ee6326bf08ce26321f134681d7370bb0be1638ff71e0c8c5ec04fbaf000d04ebddccc920d389cb86b54fe3b20ae0c5bad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 459a6fa994b59b80e5bde1cad707ccdb
SHA1 53ab73f65d1357dd4b860a2a94d661e4eec3224b
SHA256 fb6bb713faa6fb343a4d843d72f8b6d6b96d36684c6c520ed43eba87a1f7bbdb
SHA512 3e97d6bdb4a6f6a723c927376241528c175408e29ee792bbb5e02719b3ecf3b3905d532691b74d816f112a53d953cdc9384451875cd95f045df0bab496900f3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d2b5491b-1af0-4833-af49-61aca38b2308.tmp

MD5 fa49ae7eb14328e6ec58a5c2575f1d3c
SHA1 82d2b9f309afb1382ebe3898acc5a6ddb87e5f10
SHA256 b23aa0f925fe72631b8e9edceb4f4e6be1045c52759bf42fa03270a15317fddf
SHA512 f945d4461a6891ec52529bb0e063a0b35a71b28dcdc74dde1ffaa0c5d0e8a8be78c4de8b95ac853e07e04ad0d86f27188abc795c63f4c6cbc68757a74e7cac50

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\fe3507c8-3ddf-4900-beb1-10f5c9df3045

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\bc8331f6-01b7-42af-85e1-b36feddb7fb4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extensions.json.tmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

C:\Users\Admin\Downloads\NotMyFault.Suq0GMqT.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Windows\SysWOW64\drivers\myfault.sys

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\PCWFA08.xml

C:\Windows\Temp\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\en-US\DiagPackage.dll.mui

C:\Windows\Temp\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\DiagPackage.dll

C:\Windows\TEMP\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\TS_ProgramCompatibilityWizard.ps1

C:\Windows\TEMP\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\en-US\CL_LocalizationData.psd1

\??\c:\Users\Admin\AppData\Local\Temp\bv5bycnd.cmdline

\??\c:\Users\Admin\AppData\Local\Temp\bv5bycnd.0.cs

\??\c:\Users\Admin\AppData\Local\Temp\CSCFB8E.tmp

C:\Users\Admin\AppData\Local\Temp\RESFB8F.tmp

C:\Users\Admin\AppData\Local\Temp\bv5bycnd.dll

C:\Users\Admin\AppData\Local\Temp\bv5bycnd.pdb

memory/3952-1179-0x00000000023A0000-0x00000000023A8000-memory.dmp

\??\c:\Users\Admin\AppData\Local\Temp\phs_uobm.cmdline

\??\c:\Users\Admin\AppData\Local\Temp\phs_uobm.0.cs

\??\c:\Users\Admin\AppData\Local\Temp\CSCFBBD.tmp

memory/3952-1195-0x000000001B200000-0x000000001B208000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\phs_uobm.pdb

C:\Users\Admin\AppData\Local\Temp\phs_uobm.dll

C:\Users\Admin\AppData\Local\Temp\RESFBBE.tmp

C:\Windows\TEMP\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\RS_ProgramCompatibilityWizard.ps1

\??\c:\Users\Admin\AppData\Local\Temp\iyr-zpxw.cmdline

\??\c:\Users\Admin\AppData\Local\Temp\iyr-zpxw.0.cs

\??\c:\Users\Admin\AppData\Local\Temp\CSCFC1A.tmp

C:\Users\Admin\AppData\Local\Temp\RESFC1B.tmp

C:\Users\Admin\AppData\Local\Temp\iyr-zpxw.pdb

memory/3952-1212-0x000000001B220000-0x000000001B228000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\iyr-zpxw.dll

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024050621.000\PCW.0.debugreport.xml

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Windows\System32\drivers\myfault.sys

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\broadcast-listeners.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\addonStartup.json.lz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extension-preferences.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\xulstore.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\targeting.snapshot.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\search.json.mozlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\bookmarkbackups\bookmarks-2024-05-06_11_mUDMqzp9jbRt6ySnwvoA3w==.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\doomed\15894
