Malware Analysis Report

2025-03-15 04:56

Sample ID 240713-v56xyszhkn
Target http://example.com
Tags
redline 5637482599 bootkit discovery execution infostealer persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://example.com was found to be: Known bad.

Malicious Activity Summary

redline 5637482599 bootkit discovery execution infostealer persistence spyware stealer

RedLine payload

RedLine

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates system info in registry

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-13 17:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-13 17:35

Reported

2024-07-13 18:05

Platform

win10-20240611-en

Max time kernel

932s

Max time network

952s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://example.com

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe N/A

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5880 set thread context of 5736 N/A C:\Users\Admin\AppData\Local\Temp\1720892317061.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 4184 set thread context of 5720 N/A C:\Users\Admin\AppData\Local\Temp\1720892358303.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 709cf1994cd5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c023fc994cd5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2573435929" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118668" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2573062252" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31118668" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2573062252" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31118668" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2573435929" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4E36A27-413F-11EF-9650-6A4C33EF0752} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427657736" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118668" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "427706322" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "427674330" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\FlipAhead C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653657526964708" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Windows\SysWOW64\control.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Monoxide-main.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Monoxide-sound.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Launcher v4.2.zip\jre\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2004 wrote to memory of 4728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2004 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2004 wrote to memory of 4732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2004 wrote to memory of 600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://example.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb8cb9758,0x7ffcb8cb9768,0x7ffcb8cb9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2656 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2664 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3948 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4576 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5028 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2148 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5252 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4744 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5408 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5572 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2948 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4744 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6164 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Temp1_Launcher v4.2.zip\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Launcher v4.2.zip\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_Launcher v4.2.zip\jre\bin\javaw.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Launcher v4.2.zip\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Add-MpPreference -Force -ExclusionPath C:\' -Verb RunAs}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableBehaviorMonitoring ' -Verb RunAs}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableIOAVProtection ' -Verb RunAs}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableRealtimeMonitoring ' -Verb RunAs}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableRealtimeMonitoring

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableBehaviorMonitoring

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -Force -ExclusionPath C:\

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableIOAVProtection

C:\Users\Admin\Downloads\Launcher v4.2\Setup.exe

"C:\Users\Admin\Downloads\Launcher v4.2\Setup.exe"

C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe

"C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1580 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2988 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Start-Process "C:\Users\Admin\AppData\Local\Temp\/1720892317061.exe"'}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Add-MpPreference -Force -ExclusionPath C:\' -Verb RunAs}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableBehaviorMonitoring ' -Verb RunAs}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableIOAVProtection ' -Verb RunAs}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableRealtimeMonitoring ' -Verb RunAs}"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3920 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5812 --field-trial-handle=1776,i,1498708965763456812,14382012219680903559,131072 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -Force -ExclusionPath C:\

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableRealtimeMonitoring

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableIOAVProtection

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Start-Process C:\Users\Admin\AppData\Local\Temp\/1720892317061.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableBehaviorMonitoring

C:\Users\Admin\AppData\Local\Temp\1720892317061.exe

"C:\Users\Admin\AppData\Local\Temp\1720892317061.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe

Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Start-Process "C:\Users\Admin\AppData\Local\Temp\/1720892358303.exe"'}"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Start-Process C:\Users\Admin\AppData\Local\Temp\/1720892358303.exe

C:\Users\Admin\AppData\Local\Temp\1720892358303.exe

"C:\Users\Admin\AppData\Local\Temp\1720892358303.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.0.401413233\2080755403" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ba2e87b-235c-49b5-8319-c1518b9e5f0e} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 1780 1c8a9ef2958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.1.1609269054\159375276" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20926 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d9e708f-09f5-4bb5-a741-caf56519866a} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 2124 1c89ef72258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.2.1070260212\177356836" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 2840 -prefsLen 21029 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa26a81-51ee-4629-8dbc-1bc13814fb48} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 3008 1c8ae0ac058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.3.1682135153\895949801" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28b4de0a-a863-4960-ad49-f5f048bb86d2} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 3616 1c89ef69958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.4.235764953\637303639" -childID 3 -isForBrowser -prefsHandle 3912 -prefMapHandle 3808 -prefsLen 26273 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2086e75f-ea75-44d8-b668-74cb19d1c0be} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 3924 1c8af60e658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.5.333709428\974559632" -childID 4 -isForBrowser -prefsHandle 4864 -prefMapHandle 4880 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec8bba43-7465-4b6f-8521-2ec6eedd8e63} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 4872 1c8b05e7658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.6.1127153131\74102969" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6aa36df-c83c-4879-8985-b17d8b8b776d} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 4928 1c8b064f558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.7.932198479\2034191184" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {822f4953-e000-40f4-8414-51ecdf295bb6} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 4872 1c8b0651358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.8.1515117734\2144568785" -childID 7 -isForBrowser -prefsHandle 4576 -prefMapHandle 5600 -prefsLen 26433 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {847e1d57-7d78-4a1e-885f-db2a8dec4e04} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 5596 1c8ae6d4558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.9.798682421\371345579" -childID 8 -isForBrowser -prefsHandle 4600 -prefMapHandle 5928 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35639a18-3c2e-45fe-8a30-c5c06c1a5ecf} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 3148 1c8b48b2658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.10.1375145460\927066220" -parentBuildID 20221007134813 -prefsHandle 6164 -prefMapHandle 4892 -prefsLen 27582 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2299c3dc-5542-474e-b6b5-f7ef82898a67} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 4904 1c8b4aea558 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.11.1398393147\1806066482" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4736 -prefMapHandle 4744 -prefsLen 27582 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93d53109-c847-4b08-b4d1-1ef68b0bf68a} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 4952 1c8b4aeb158 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.12.2007023892\6113124" -childID 9 -isForBrowser -prefsHandle 3040 -prefMapHandle 4416 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad83a451-169c-471d-85a8-794bcdff4e58} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 5720 1c8b4cdb058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.13.1542327805\1071606587" -childID 10 -isForBrowser -prefsHandle 6604 -prefMapHandle 6596 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e34cac25-d85a-4150-85b8-73228822cdf6} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6580 1c8b57a9e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.14.1649828497\146004903" -childID 11 -isForBrowser -prefsHandle 1296 -prefMapHandle 6072 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7a3d62d-0bdb-4df7-9066-b1ad654a5f5d} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6416 1c8b56cbe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.15.851321994\900928030" -childID 12 -isForBrowser -prefsHandle 6488 -prefMapHandle 5872 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d77fedca-0ac7-4007-843b-1ddc30e71942} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 5272 1c8b5bad558 tab

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\MeasureSet.xsl

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:360 CREDAT:82945 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Monoxide-main.zip\Monoxide-main\MonoxideMBR\qemudbg.bat" "

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Monoxide-main\Monoxide-main\MonoxideMBR\qemudbg.bat

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Monoxide-main\Monoxide-main\MonoxideMBR\qemudbg.bat" "

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.16.318877152\1841670184" -childID 13 -isForBrowser -prefsHandle 5656 -prefMapHandle 4552 -prefsLen 27631 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e4c9226-8fa8-4932-8688-fe277725425d} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6336 1c8b06ea358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.17.237430696\1846176703" -childID 14 -isForBrowser -prefsHandle 4428 -prefMapHandle 5828 -prefsLen 27631 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee451eba-232a-48ba-b5a1-273de8fd3ba2} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 7060 1c8b4c59858 tab

C:\Users\Admin\Downloads\Monoxide-sound.exe

"C:\Users\Admin\Downloads\Monoxide-sound.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x200

C:\Users\Admin\Downloads\Monoxide-sound.exe

"C:\Users\Admin\Downloads\Monoxide-sound.exe"

C:\Users\Admin\Downloads\Monoxide-sound.exe

"C:\Users\Admin\Downloads\Monoxide-sound.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.18.964331075\83449471" -childID 15 -isForBrowser -prefsHandle 5344 -prefMapHandle 6564 -prefsLen 27640 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb50d4b0-a1d9-4c63-bc05-75712932d1fa} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6472 1c8b6c75b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.19.2146394628\1794463991" -childID 16 -isForBrowser -prefsHandle 5816 -prefMapHandle 1596 -prefsLen 27640 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {827cde67-281d-41dd-98d3-ae69e924c6f7} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6584 1c8b7246858 tab

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.187.206:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
GB 142.250.178.4:80 google.co.ck tcp
GB 142.250.178.4:80 google.co.ck tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp

Files

\??\pipe\crashpad_2004_FMWATHRZNLFRCWLM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e0713cb77e5e68ccf90fec296c4542b0
SHA1 824c1ce5d37733b04a8e959ffc79ae4b5b1c50c9
SHA256 6ae744904281204206dd4df3285573a588374eb2e93a08b916195e17095f3739
SHA512 c6782dcbb3317a19e741c2182e30807ee04f1ca07b088e851fe0b3a328e4d8d51149d835ee372b6fe46c91e14ded0329640e7b97c53978082042604bf3c8ce4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9fb7b453eabc54da97381f6d3b698aab
SHA1 fce92454a32053bf8276e48b261aaa65f82029fc
SHA256 ebe34b466a68ddacae7a1ae7692adc7182398ad1fc87f1761df9ed63109ac790
SHA512 5db6e8eba5e5d2531ebc01df49e1e168397bdab81828b70da3f34e221370834f731078464f7d333d091f21f85f82c700d6aa2cf887c2db6f478f858ba506fdbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da2a6656a0d18daaa092e51607cdeb98
SHA1 b755ce17b451fdbca939cdef6698f2a3cba47219
SHA256 f41b74ad00c5cb9c9f8adb3ee72ffbd899f551975d7a37509b62136a29c6b32c
SHA512 cdb359998c9d175ba6fb08cfdf76c3b478121f9e6b6cd1b0b14c26694a5f455acc33ffc12729f72ad1f48ea8905e4fe9472b13a66b0fe15d06165e4c8fd1b4af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 38c5ea98041d0a2bdedfe471d5c2675b
SHA1 bb4be1b0c3c21a46465061e4b8e78ea86ff63e58
SHA256 7f45fbf5d9400c42ea00400573cab2f88df5bf597426370660aba1d3dc5d9370
SHA512 04972a0eba62992f66941faa8b2fbd41eafadf2c5d60d8d5fc13b78ce7e64e63b6d055a524dd2b9430fea11f1fee64d99f7982e39a58337852c5f23eba2e34ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c0d8fa06f93d4ef9fbe3c3e3a477fae6
SHA1 3b8595bdc0cd6e23567b1ac12c0cc8609d03b0f1
SHA256 54f94436e425b197085cb71beab8fd077ce88aac9e69150e493b3ce655fb519d
SHA512 9b71783eb27414c0e0c42a983ff199653eb22b4035bdd41e073bd59d8bde9083f3971c5e3c959486a335353ac77aa9eb7b8105da27079deec12eefe7e0580bea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8f2ceb78d887d934b365692337f2b53
SHA1 9401f3d2b5a89b0962f3a66080ab376614fa9fd5
SHA256 052e23a4d4c3baa6044dd099b2678f130efd1d83a938b9caba3280b0c38532e1
SHA512 083f2f372bdec92d6909766adc32872bc17508e88b36698b2d0adcff3ca83bb503653ec30b53f90ce04b60fd3da929e3e89204e880222d4bb4e0ee5b12bb68d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d6a6e6b7e8c84fc1fe12087258b87b7
SHA1 879b41696c327a4b31329648cf895d06b9470bed
SHA256 163b09d00f44bb36211cf54e15d84a8b7fedd0db1c14cb4ef5eb733c623da33b
SHA512 f2fc573aca02967b8ea69e6fa480a9c42d322bbacc98b3685f8b0c161ed54cf12b5bb90bbce2c440c2d7da73d6bfc145def212b5efe8696e69845424a7aad9f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e868ae308ab2a79e3e685cc66a93e12
SHA1 d12f89a18524b7aed32f2bc344e8e078e3c211df
SHA256 8ad8da813fe722cea892fb368c7996a033d01e8c6523c8c03a0bd05a539ef312
SHA512 a3bbcd8d7ea92c8068bb0c5eef4fd5eae240a5bc83b302c43426f8175195e64a3c7eb69fe6c56506e4070a21461cfce9a961de53d9368238098de5b64ee5d91e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 11c6c5b926f978da7f0e66a39e60a805
SHA1 e3c9175ac9e39c8e5ec681b51465ec234b71b481
SHA256 3dc091e7f4da8aadda68df171473a5977ac46ae63644703167874cadf8398a1f
SHA512 bab1037e0629abc58c27a6fc74f4c1d385bd76aa205c7b50f8488545f1232da4ff85cfa94b692e782813f5369c072d68b05f5a13e0f00fd71b22ea595ffc8851

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71383e9306ca6f710f93cbc080c58676
SHA1 a6d1e338374628fbdf5915b011cc0b1bf6149266
SHA256 4ef7480c9fac6118a0b547a55c56cc3f523cb9ad320e8461958e3bcdb424589b
SHA512 845f55a7ebe7432ce025efd3407b25561892b5703b223c3279454e467b99c8fb1b20455726414c1104978e401660d0f3cf49cbb102f894b550e6c6939e6ea63f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 4040d798534c12e95e4e18aed69aa5d4
SHA1 bb92a12803bac221c62250a4036da38b1e424abf
SHA256 a20244b2cac6ad481e64893fe231cb51261c0cdf7859d9163fb21a48ef0e4cdb
SHA512 28a73ac423a0bbd9aac7585ed27312383c64c355669cbdf1a853295d9729dd7e1f4199104b76fd2da457b4fce69df34bc534d60d5b4864534027fd1e42516294

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5914b7.TMP

MD5 00c18efbcf66e1684ce228e1d3e1efbc
SHA1 2ed7c281a505c83b3ebd2a3e5db90b08d5bef9f8
SHA256 6fdf84485345b80d71ee40596480799b6991f65bb2ec2080b1abfe59dd39aaeb
SHA512 b18f6868480c7a97bf06352d3565d29fae68e1f76de9bf060f6b66fa3fb7658d11073845288469e8600ac0722d0e965dd6bfad7bd8bc66c411e27281fa1be900

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7a68766922f4da769078670bc5b2d7dd
SHA1 82526ba3750932a9548fa625b76fbfd38b72f509
SHA256 e1031d32a59b326fd41855be4d6185c0320d12203ebd498bb6928a8ea274f35c
SHA512 a69e5b9735b312b886d070ce7746ecdff8b0bceae96ce6b21f82b3b06e776091b42ba9c57169544da66d066acc3fa496b9b4328fb10bf58b86162c9128f2cb87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d3577f460791fa16af94e28cc191953f
SHA1 a76fa16fd7a9462e832e77b9cd5f994aa6d3ebd8
SHA256 dc0fbae02a0bad62d5cb89924d800185d009a912e208bce73ed77d6df23185bd
SHA512 36ce79ad701aec6c9f6ea6aa694d90b1f8e765ba8f3e478b996a1f281ce5dc932ebb21f8fe450d9516da9131c5247d3450121672522004b04b0cfae01047d04d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 db817d64d80bdb5c12b723e420017ab4
SHA1 cef434b9ea31fc4c5b1045d4f0022126281b8b64
SHA256 80e6d70f36ccaa904f2c3b9fd45765a26a5099cbbdf57bd02a7b081d507b2c9c
SHA512 783622198a7aa888b6ecf3543a1c0de202b790487cc91eb92a26893bf9464bf5ce64ebbd61972595931c09c9b3411c9a31e2b63b74580e266e5d93c5eafcaa70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1a2cc48f7ce9638823e43cac009561e6
SHA1 f93be8bda5b725c436d5bff8808e66d9bb111543
SHA256 2b32a9641fb9afcb13af26ccded76d55f50d9406d29ea26981db1200a7b49743
SHA512 41b59aab6c1b0302b4da29555d02e7bcc8493be4dcc78f7d6161a99ca30b33d57e59dbbea909a0a384ffe1d2eac345d51e8b6d8d873ad883fbd548963664d0c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c0bca30332d5366625b428e546833876
SHA1 16e73fb3141aa1c6d90e6a091773364ac3aab2f2
SHA256 28c6edc99b672d32a7f58d5d14a7775133846d14605ff05187313b3212e7aab9
SHA512 220fe902ed92dabe887b8c1edcfbb6df23fa7049df24ebc62cef2318edff18a9c3f19e38c0a7356f0e457e90808d48b8550f3493e27e61601a2e5e82d5249880

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c3fcea015612b0b48a6af7eec0703a83
SHA1 3cec98ef261fc464dfadba3fb910458da7ab2a08
SHA256 2de4d5e8610b1b90e79455371475bd06e33a00f5e498390ebdaea77e8b7ceeda
SHA512 dbbc879e3571ef8dbd6cecdfcffa0878fe8d69dd9149c30aa8d634352c87c1f87a2eb0cdc8a52b03b3ec4e554163fb341dd2da0a95b716c0d78dd8e675fce5af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d8c9cb6621b405967dc416456830f82
SHA1 17431c484e2e02a412aa9ba625135d5160cd9281
SHA256 08a4ad9b413617b703bdd8af92bda694b93887be7f3754ed316ab3de3bdd713b
SHA512 175e4776f0c50e0ab9da5c1b29132d963ae601bdba9614388c0e13823e2df50a970e26dcc98f58a40ab2aeea09035b72645580b1a85c972a22aecfe91dd0e32e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 633d876308a844727885e99144ec3645
SHA1 f17e04e44537eabf2e0b512b83e1eed81c5a0e30
SHA256 c6b1b450c5dd3b9d2f518ed196f295fe66bc6217cd3507f4173582d9eb4dee09
SHA512 377626fabc18c9e24b55c89f3c55aeee056758de3d55c15ca5ef0bcbf40292a650d2f2e47b52a073cb3187acbded3bcdcc6341d7a2649e8e92de8ed24bca9948

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba6c783bb15bc596dd259c1a3dd6bf89
SHA1 552ab2745ebcf878899be348933b8cea30e3d1f7
SHA256 30da60306fec7fc33a952fed7c79c05993ec5523cff8726ca3f5183da427e706
SHA512 a4aa021f599efbb55128c6127bc863ad5b78cad742c326e3f7f1f3ebded66da2807473fd371dc2106be03c9c56c8a35be23d926aabf66000887d884f336d30b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6616e60d35168cb5791895e6b0e9a958
SHA1 f0354277908999e7c56dbaa24b688ed00f11e79f
SHA256 cbf57b37dd36865264ee22996a8814ce6b2d1f4a4ea8b038d21254caa3d296a1
SHA512 0e1ce37a667af5cc6ce217133856002fc94fd678d620b4e23813da443901d7243c22d03ae35df4f9b1649ac4d60154fad3a1bb4b9c26369af9f83316a084b994

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f808cd27ecdd8b7266e157be91204f98
SHA1 4230249d83ea6552ed4ec7dac61fb93859cb8a14
SHA256 f01b459f4fb08536b775bc456ba109282edf26939c134f8534d4cfa786fa2c04
SHA512 7961f160332cb5cffa097e84e12fdacb263355a1ebfd0ef0181f8c9f840fb7dcdd9a4c7c029ae7ab174469ad6be6232290d092858d5c1e6f9d8a2c9307f45886

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30fe90c1bd0cb51bf54832e207c972f5
SHA1 e50c60a4d5ecfca7f00aca06a8302ffec2ad1ba8
SHA256 b7e70382db5a9f5462485f3ded98234abe03e115ddc8733fee4f1835355b8853
SHA512 41475fbfb6ca6a7f6c1c7a25a1d069eab8e88a1d855f707b109bd5668e03d1797b4fd7317656ed5ad436021ce0e261f1261103f2bac988e544db2f5ea180431f

memory/408-765-0x0000000000400000-0x0000000000425000-memory.dmp

memory/1128-795-0x0000000000920000-0x0000000000921000-memory.dmp

memory/1128-803-0x0000000000920000-0x0000000000921000-memory.dmp

memory/1128-834-0x0000000000920000-0x0000000000921000-memory.dmp

memory/1128-861-0x0000000000920000-0x0000000000921000-memory.dmp

memory/1128-870-0x0000000000920000-0x0000000000921000-memory.dmp

memory/1128-869-0x0000000000920000-0x0000000000921000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 aab9d2de092cbad9aa2afdbc2390289e
SHA1 91d48df8e5e4dbb034e1e70bc838e8d85574f139
SHA256 4b0aac6b24ad9ed4a11e77d24ec7917cd02f69b9463f92caff58b3c739c9a6d7
SHA512 cab028897cbeebe7948a8e6cedf6fbf79952074944855c96fd2671a0c9d88bf8a0bf6862c29773ec8d65bcadb453b27dc2c3fedeafb5446080ca451ffb171749

memory/3492-946-0x00000000048A0000-0x00000000048D6000-memory.dmp

memory/2672-947-0x0000000006E50000-0x0000000007478000-memory.dmp

memory/3492-949-0x00000000072D0000-0x00000000072F2000-memory.dmp

memory/2672-951-0x0000000007600000-0x0000000007666000-memory.dmp

memory/2672-950-0x0000000007590000-0x00000000075F6000-memory.dmp

memory/3492-952-0x0000000007DA0000-0x00000000080F0000-memory.dmp

memory/3492-953-0x0000000007480000-0x000000000749C000-memory.dmp

memory/3492-957-0x0000000007C40000-0x0000000007C8B000-memory.dmp

memory/2672-958-0x0000000008030000-0x00000000080A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kr3l2tr5.trf.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/2044-1017-0x0000000009020000-0x0000000009042000-memory.dmp

memory/2044-1014-0x0000000008DC0000-0x0000000008DDA000-memory.dmp

memory/2044-1013-0x00000000090C0000-0x0000000009154000-memory.dmp

memory/2044-1022-0x0000000009660000-0x0000000009B5E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 42bf0cd1854e2f599c72313f3b709ed4
SHA1 e9316805fc4d9e8ac3a64d66f9d8a734824c08b4
SHA256 c571d2fdbd5ccdec4f251d0e179061beeec2b6889e2cc19d2162a9f41d0aaf0d
SHA512 21b4715144801ea78caa784a09c3efb52af288f9a8c2ef66b0f7e66ec6ef0d74c6b9724e5aa31f368de9d93d0d5197d7139cd7329d5bcb3c124ddcfcd99d5220

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Powershell.exe.log

MD5 6bf0e5945fb9da68e1b03bdaed5f6f8d
SHA1 eed3802c8e4abe3b327c100c99c53d3bbcf8a33d
SHA256 dda58fd16fee83a65c05936b1a070187f2c360024650ecaf857c5e060a6a55f1
SHA512 977a393fdad2b162aa42194ddad6ec8bcab24f81980ff01b1c22c4d59ac268bb5ce947105c968de1a8a66b35023280a1e7709dfea5053385f87141389ebecb25

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3be48c9f32ce04ed97a13865da87c833
SHA1 17d6613d2239cc85b42f0a1ca5ae1c770c579bec
SHA256 0f651082ef84bfd7b1a1fa85595365ff2848c7f1b29731ca533e985186c93d26
SHA512 e0cf29d47733df0f0e7b2df22a0a908a3e738f119d6f457ce50113e22f7fc0d64b412ffa5d7b72aa6df768824c16a164d8ac8b65923818cc0b673fdc2c31a8a7

memory/3916-1123-0x0000000009530000-0x0000000009563000-memory.dmp

memory/3916-1124-0x0000000070A30000-0x0000000070A7B000-memory.dmp

memory/3916-1125-0x00000000094F0000-0x000000000950E000-memory.dmp

memory/3916-1132-0x0000000009660000-0x0000000009705000-memory.dmp

memory/4700-1135-0x0000000070A30000-0x0000000070A7B000-memory.dmp

memory/4720-1146-0x0000000070A30000-0x0000000070A7B000-memory.dmp

memory/4704-1151-0x0000000070A30000-0x0000000070A7B000-memory.dmp

memory/3916-1664-0x00000000097D0000-0x00000000097EA000-memory.dmp

memory/3916-1671-0x00000000097C0000-0x00000000097C8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 7fbbf1bbbe404e46f025be1004ce9bd3
SHA1 e4a78100f288f7a28f5f1344ef592377244e705a
SHA256 3c996b3ccf274aea8d1732873eeacfa04435241954d85bf7d89b1701355c87d9
SHA512 0db76e684ce7c85e3070ca94ae2322058b20a67db89cef15813d3600c2a0ca6269a40544947f577f0d95b4c78db2bf53cb93f8a5820b048d25da39c42abd36a8

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8a8eaaff0cbacdbbe752a52dfd4c427e
SHA1 309fbf34f050a75aadc8f3ea4cb827955f8fd5af
SHA256 3d70be74c6764a41b8d7e3a80f6ea76411430e000f75f91054865263466b280e
SHA512 5c2455bcde42b38e89260a30626326262703e5a67a97c6c891732c7dfd2e99a026ca1285071f1c476460d9c1ed94a26c35be3101bad32fffc5ed158eddc00d39

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1453213197-474736321-1741884505-1000\83aa4cc77f591dfc2374580bbd95f6ba_f5749a82-599b-445b-bbdf-fb54150d3ac0

MD5 c8366ae350e7019aefc9d1e6e6a498c6
SHA1 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA256 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA512 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

memory/1048-2229-0x0000000007BA0000-0x0000000007EF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 6b9d801ab25cdb907519f89be9615d0d
SHA1 870aa8b7f32c847091a9929effcad3b6b9964aab
SHA256 bf1e4af33dce5b0a36f22333ddd8d3e8b353451191add0961c98bcd848b820f9
SHA512 48634aa1835f184d8c82aff50b4c83348c5f66426e9319d8f967995bc42be244128856d2bcd1b24805d515d5381cd9e63e0768aab2ca749648ffadbe280274fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 3248a4b95884dd02bf8757daa9cdc4cb
SHA1 98fee5867b5a2ebfb8b4186bb2ddb3619b07b565
SHA256 1ee38ef51c30dab58ec92ed761e44fb74bcc5a5768a0bda8188f5f2356d6dc29
SHA512 8f90e6bb87720e090ad9b8bef79442add764ca85b3d8a44beb60cea9da2a420013132b8afb5af62eef0222dca5d242c3c80413cdafe73214f18dd51da3d220da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

MD5 716e28f3fc616954f7b9bda36b4a5bc5
SHA1 3b6896ade647a55ce23eaf47de54a49823618f78
SHA256 63382e5920e0ee343f01fd688f18c0ea475358c2724ec005dade5f3172011e74
SHA512 c2bd1b793082d5c87f40d24e6d91423d3cb6927f5e9b777c0e80205d6dd813be837e64afe06729580b7ffdc135b51f7db2bf358ac102e1d965637e2c34d5a29a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

MD5 f9a90d58144602c12373f3a51ae11c3e
SHA1 50930fadc719a0cf689f480f053fe55eaab64817
SHA256 477adbd55274ba5f7057f114fd4c4908fe46d7f486c7cd6dfe452a80ff0b7c82
SHA512 0f06561a943bdafdc0f6355ce4a5dd2a3daa348d621ac8c0d95632d5bf0458b4068803af0f3e9819496ed750299a63e6eea88c53bd2816c757a0e4c721d7e4f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 bd79ef67a1b5167f4719b37c41a19143
SHA1 2e7aad38dbcd02109bcc27a318df98929926dbab
SHA256 d975437c2c6bd17bc6abca8960e66c902ec189a9af372d13cdaa664824abde34
SHA512 02ab3008d4564070f2319102c2836133d1c4c01bcabc6488be8ce746ca36e69707c33529633f1d589bf07ca0f6b2b77729bd8eec7ba72cad91e8df97983490fa

memory/4380-2359-0x00000000088D0000-0x000000000891B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 701533be431670495065654697562ecf
SHA1 dc7a58cab7652d578dc29e242bcdb07294dc3105
SHA256 cbfa4e90624329e0d54d0e6b940403f1e5178306d62c2510f1696143a85d6026
SHA512 d6204827465b0c0abd22db54996ed8cc22e2d558a784c46f04b776ff66193ecb184ef0a02c97daa7c07713e4962e786d33ecd7105cbd6e35c3db33ea499cbb85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9bce08d0a09f036257f2e8c438a54e2e
SHA1 0a47e7f3b49485e8a872292e6baa823618d8c160
SHA256 3c937733b3fbde9bd53a83a14fdfd4d5db88c57d153e2fccd141a2bf0e0375ea
SHA512 fd01b135d893dc75a158fa4ae1e74a16afba3a4202e7f3e96fb4416fb3b60912f9531bcb8704dcf3a67308b620f22f9c502614dd4838b864cba2635ff1ec1c36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

MD5 c38fa8e686f73dce02480a7ecf3f3ddf
SHA1 b42876d0a2624133bd5ce590349b7c59cd83c999
SHA256 d052a61c1766a408fa66108446089aa4f62b1ad87fb259adeb8fc54f3dbf342a
SHA512 583af5d1613f80167b7a5b2202bebaa95cf7ef115c64bac81166c10effc98ff0da6eb41c32be5f17808a10324b263ed3a4c7b48cf055858d00c45f92f34de42e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e6295f5da5b6165633a32ebec42cd136
SHA1 9c08e272e4d27d323e8a0e8a3fec7839b48c606a
SHA256 38225a44eac2a294b9ec33c1e68a043fe08cfafb25c402e50f040efd44a28d90
SHA512 6d3b628aca04fcf21c0163a0d56122e0024414bbec26f8de6188c6da873dd471974e12b6ea52f930ab16834061cef0405e77fdaee2b9d2741ff6c0abe44b04cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 019264b3e778cbd444627ceee7db434e
SHA1 e1448d49071a39e213223588feb04dc50bbba58c
SHA256 b02ef9f9acd3c7ce08374dee7f18d4bac1f33390358bae1cbe116da27c9c776d
SHA512 ceeaa1d61ae0b0d86485e9674e3dbc59f384da0489f6794c3f77fdb69ae5ebb77f783b0418ede98dd7459f8434fe85529643ac9034b35f5098726efc82f78893

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 be3a6ffe40aa0f92a07ff71e29a0d648
SHA1 af4245215a81b0c2bc5217b15b71e8daf2b2b48d
SHA256 45c865f8d3632baab46954bb9f14d15ed1c46f48017a46867ef6ae59ec770f8a
SHA512 0f32f4a9f715c4de5553182902c4a6b64cf96818e981b89f8b5ab5902db85b262c0d974d1ae0e4652369a3b4e3618bad503d42e5537a95ee49803fc0084e350f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 59aeb102c42cebc60edce82df1dd942d
SHA1 2820c3d2825675b9fd0960d345005bdcabdb7470
SHA256 a126163f6ede34c3f95052eeb350decc0a9c2505effb6f64ae103344e6fe9e03
SHA512 661756c05f805281fba304d43df016627fd356468da120660df376039bd061cb81468bf52e024d9ab7d47bb7d54cd2f5eab8d97bca71736f8585058de4a533bd

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 537d023e471158798b1a3a6b8ad42b72
SHA1 8866ff5199997d278e0edb2df86143021a5ba8e7
SHA256 545f3e3502657761495eb0b1d7c1914811037e13afb79360bab8e2312f5c6cd3
SHA512 39d76deb699b0b3ccf7483e5694a3223857610c082257fbb8c784e65025c162844aec75c2f3e22333b0055ece6385a53120fcc5fdee4517155963a9b9f4ce6b8

memory/1940-2570-0x00000000081D0000-0x0000000008520000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06c2f32ad884ed148644f08197a149ae
SHA1 a7ed904855918ff7176d779e56035ccec623bc0e
SHA256 8082b9227d374498b5f93b67c1824a5d905585790ead89f54be2055353e4a5fb
SHA512 a820557ca7797123e0fbbbdd0ecb9d7eb9dd7a9c88364d833dd7eea4189c0559cc83a70736af5d4dc6c5604d42ec5d13a886f7c8a46f7ca9df0fd32c96df3c9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6209e70c0f10abad9b805a681ec9fcec
SHA1 cc335d5a819363ee7268722ce06284fe394df9c0
SHA256 5db2b93e820e26ebc5f58c8307ce15dc1a837a9126825f04a269de7790d1c7b5
SHA512 801233201af6592a86a9f10d53e06a2147a8b537f390eafb3c1ee4ab3fc9bfd79c9136b1e6a6655071951a669dda79a679af0c1fe6b721474872a90cc456004e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 260901e80aec1a20a19fde3cb0b0262b
SHA1 a01bd2eb1a9187b6df47e6da2e87bfc744a669be
SHA256 141724da952d03b78e2ea502abfa45302c3f5b7bdc5fa73f84aa1521d6ee21cd
SHA512 f6b163f8d6c9d9c9fd719ca0d02e8ed36d57b371d9579c0fb107dd95ca47f5d9485335b8cd2178349d13fdc9530d622cfc528d36b85eb39c326346f94d90b6d9

memory/1940-2669-0x0000000074360000-0x00000000743AB000-memory.dmp

memory/5848-2679-0x0000000074360000-0x00000000743AB000-memory.dmp

memory/1940-2678-0x0000000009C70000-0x0000000009D15000-memory.dmp

memory/5832-2684-0x0000000074360000-0x00000000743AB000-memory.dmp

memory/5792-2695-0x0000000074360000-0x00000000743AB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1720892317061.exe

MD5 81a315ee8a076dfa680273568c405092
SHA1 37e9c5392eb869e6bec942b38f290878fd9aba81
SHA256 5d1e24eb87c791a66430583d8dc9d8cf14deead56b4a07c6ffbb0885144f9d60
SHA512 e6bf47240ab6ca20c77e253a22d9e3c5c9006b70a72e5996f0fb203abfcfecf68808f9f2efdabc9b5057b90fd134d4457878bb61705f2207217bf0cc117493a2

memory/5736-2985-0x0000000000400000-0x0000000000422000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1b3db2753644172dee0e8d9967ffc302
SHA1 c3515ad1aa39675f3af855bb53063f3ebce4a084
SHA256 f2683030f2843bfa5933f764989ea4a4b4aa64fa7422e081ed2b17d6413efe8c
SHA512 8d769175a3d488fbe4946a2f139397147c99a9313b1d165ad23e7a9a63a407e8d6119750234c4195df1eed270b220bee5efec644524c5dc5d8faccc06344cbbe

memory/5736-3011-0x0000000005930000-0x0000000005942000-memory.dmp

memory/5736-3010-0x0000000005EE0000-0x00000000064E6000-memory.dmp

memory/5736-3014-0x0000000005A60000-0x0000000005B6A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d366d0f0e218048ce30a8876e6680e3
SHA1 d4a83dbb050964cf79a10a73360c28d8b30f1b28
SHA256 de063a0c9942fae7593def396e10d3b6707906dd12075ddd8c2b7b0ccdc09693
SHA512 955a77c0b8a6453fc4bd3d97bf7342dd6045955e1587ef3a4c365492309ff8392cafc0ca260ef27088696853f09063c1fb25bef6c29c83fd6a4b21a9d7ef24bd

memory/5736-3548-0x0000000005EA0000-0x0000000005EDE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 84b9466665150933e7f2d3e20d99519e
SHA1 58b990e436cbb33d5bb5f60e397acc8e1ff9f08e
SHA256 93c8098e87e0de4f6589c9c1f88f21be9c32b7db5ed1a14bfc42ed947a4ebe98
SHA512 a490835fbbef68f01461874dfc1bcf074ba87e7b1d5b85e9f198bd2c9d423036184a4efb5aac7cac52332844e18f7317e5c9a22e79ba9b24e0df3a834f3cf482

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 38bd18a5a96537f43f548a305280c8c8
SHA1 6f1483a656ba9ee7eeb6a1b87b2412e50cb60585
SHA256 20fe5f2a3aff2242d2d9ae0f2455fc7676964ffd85a0976271e4fc5b43205b73
SHA512 380bbf4f003c632973bed3ecf6b20764fd596d257d02d0fd94bf291a0b42bb28d94b5281d45013bb8154650e98317377dbb659a9a4a1558c9980d1c41e706681

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f23eb16b411a5a76288d5d6b21f25fd8
SHA1 89b33e52a216064800256c8ed8d36d65ae2dfd5c
SHA256 a7e7096665e1b6197dae6f44a29f46e45ca4c3827804e8ec9afd349d694421fe
SHA512 2043c823990ba7231d8187f9eb887bf942ba7eab29ffb6e2ed91ad20ab6d0568edaea57cd58c638ec9ae0c3dd9aac3f740a3e7673efc0aff576bcf00dd2d2173

memory/5736-3593-0x00000000069D0000-0x0000000006B92000-memory.dmp

memory/5736-3598-0x00000000070D0000-0x00000000075FC000-memory.dmp

memory/5736-3616-0x0000000006DD0000-0x0000000006E62000-memory.dmp

memory/5736-3624-0x0000000006C80000-0x0000000006C9E000-memory.dmp

memory/5736-3630-0x0000000007C50000-0x0000000007CA0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 0f57877a195c201b01eff90f3fe8127b
SHA1 6db2eb608cd6715d9bf6a2b8eccc7a733eea63af
SHA256 3cd6aa26d04c99f576dfc2c148a77fceb12e8a3c8bd6f7a29ab9ff309c46fa6c
SHA512 3bb9c31a3254c1c0819caf23c45f626c2c058f412042d201daef6f1ef3e5de91d01b181295ed500f25357f411586e17ce3af1b4ec0a34608336fa792d7cde1a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 87aef219e84daf91cbf4e3c3803840ff
SHA1 c4b2efcc8c40733619a82e3cecfa2df9c289a9a7
SHA256 15365e664674b81f876f4fad1ee952b3f9e234f37d8f57b0dbaec94652c53cf9
SHA512 42a2493c2cae8e5012ea9f480d8defa495b8a3cd02bdbb4067779fd735d23f84924a69625ebc078e2d59d0259582209f02d57479639f6058ed9e9f3bb08a4273

memory/5844-3663-0x0000000007540000-0x0000000007890000-memory.dmp

memory/5844-3665-0x0000000008090000-0x00000000080DB000-memory.dmp

memory/2680-3690-0x0000000007490000-0x00000000077E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4ca3ef872ec3ad256366d91f6b4f5908
SHA1 d71b2c0ee48bfadf5eaab0f05f15853b25c85aab
SHA256 2925c272965f2b3c9d973337761d9f74f18ac837809d3114f7f1b7b2084ed5ad
SHA512 f451196852907a54ffee007eb3de34455e20c2b502dea30c513d0b419369f6e0bdbfe9c05247bdc66515b70acfbda1085a17642c90491a0e4d79b208acee3820

memory/2680-3692-0x0000000007CE0000-0x0000000007D2B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

MD5 a2d477504fc2f1a9801dbaeacb379c38
SHA1 bddb38a39ca48270e0e6763199bb7709b3647e1b
SHA256 4a8a7bc7f1f7c968de6519c6fa447223c3a98a9af6a1dc2cf27973abb9e056a8
SHA512 72a978415990be69cf93784fe2bf99d8c8eff0b4ee48bfc26abacda03a72180b788f683c30fc1f1bdbd093a0660af649e6e9d217617a268fac9a0b0ab1012204

memory/5720-3717-0x00000000063C0000-0x000000000640B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\638e9a87-db6f-409d-897c-228c77518ff8

MD5 be840b63427e1b352c8db56c549b8a16
SHA1 211486b95f9e71769f6863b6e68694b0fa5a27e0
SHA256 5cd88027abda56cae906ccca6bdbe1b8e4ee68ec0a258f367a1c95ed000fc8a9
SHA512 2579d0172853abdfb4878e47193e8c055483be5e5c5134a412217b74673ced2540042b3b26a226cba7ce5c0834836a5efb4e8ee61be7e4ed70dd67a8a13009e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\ff53b4e5-4bd9-4194-a5c4-b17d1c3d96c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\D163E5941014961769E3A13B7473818E5FDB4286

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\73DBD83ACAFBE07A338D6E38916BEBFA0EEFD8F5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\30378

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\22F2BE6046DE71FCC15A701DE0FCDEC5259AE136

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\92B7809CBCCEC32F8AA6B585CB23104E10E55D53

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\97B10BC4D7847C8AE893CE9BC8685F05EBFA5B05

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\ACEC66C3DBB7B06AA11E9702EC8A9A4CECDF0263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\65BA518C415321E62A9EFBE90AD7CBB4D5909AA0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\37A88354141BA1E26972D7257AF417E58C45A7C9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E6B872FF186BB490F2440330691953663544E2C3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\374D9518215A16CCDAA89602A8E6239492BCD895

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\06AB41E8A7C9880E310CD2B0CBCB938F599AC832

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\5029A95CD4D6789620B28FB5F45A60C4E4C837ED

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\52E1A5F5904D864BC54C4678FE8113AA3A212996

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E29FDE07AE5BEE729429D4F236AD31EC43F719A0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\462E5FADCC82A134C10A828C114C5F747964CF3D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\4D3373C611DE638ED6CA0F7AB92AED0C904A3795

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\21235C60DB68B39BE5D5AAFD7CFDA8EB241CAC6D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\1ED5B2669A713E9D7B1FF4A88CF44BE077768210

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\3C026A44496AA80E2E5BEB9B27FD093947043AB1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\3395B2B5E6FB401CE6CED6C164BD5D0704A6D326

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\AD0756C4B072676F56A62C29C036B4177B15C936

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\84C08FC6E9F5375571316B643406AF53E6065EC3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\17731

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\01FF7670E282157723F9D688182AC4A7B104BD8C

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\D555FFEB4988E283D529424474B4771BAE3ADF29

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\13037

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\B401A9DBB8ABD9638F6C0E8E90A39BCE66D2B213

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\30815

C:\Users\Admin\Downloads\Monoxide-main.j-almWZn.zip.part

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\jumpListCache\lntPN_nHx39Xg46+FJGSQg==.ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB7A7.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\D370989C45E858EE5839BD60BFF3A8029D9B5C5C

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\4DF6BE9EA67021B31C907BABB24653E3BB371958

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\8EB6C68B7AC9D72302293CD4F262EBCA6822D782

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.google.com\ls\usage

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\9E5E33E0FA029B026E3756ADB0A531D5E6F3CA06

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\15B93BC621B274AC627F930BBC2A3DC1A7CF1BB3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\1F94A3B019E2B2B47E2356E16C996C9287E700CD

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\15AB10B20FAB8CA5A661243300D7092EB3C1C08A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\429DC8AB78A8473DC45C70CA74453F829ADE8BD6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\6B17D5D7ADE0D4EA7B18D9AEE5DD2912E25B6B6F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\1535AFA3EEDE315556C4878E601670C2BC153DDE

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\8107661E821032A9B67FC2BF2B10824A0EC8E0CE

MD5 4a6d221d4893456b15a6303ef369fd4d
SHA1 e5ac1bfc0988acbae8fb9bf0e1bd09683556ad2c
SHA256 2e65402806760c8d01a616ce5a9df92cde2971dbaae959645c9d2403f05bf3b3
SHA512 0a9bf3f213bd90bb8af2347d9bfdcd68bb925f5ddbd41441c6fcdf27b5bde44284bc8420454a9d1a09e6fd9178118ce32ccc02b3fb0f8b0ad9a9612b6ab730f0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\30C85AA25154BB8A0FDD9750B0A52C4359905942

MD5 4694c26f022b223dcd02f70afa801ac5
SHA1 d0cf88c8018ad01b0f93182d773997a15290e084
SHA256 e80a4aad90cb86519d3aa2c0197d2139de00226bdb8bc52e30031292f1aa9e76
SHA512 1caa286839547f0809e2dfd1bf4c94eaf86df9c1daee624f33ab7dcd5e14519dd7d6efad6933ec07cd75ade4dbc22c51321eb98f522c83533632fb03b183bddc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\CB6E5C76A12459DA5E98C1D32CDA1620CDC135A0

MD5 91376295d0db2130b55b29f053237126
SHA1 4edce89b2f657383264940ea0f0803d028c66419
SHA256 3d2b2ed16ae81cfb3ecc9db6eb7de8c2580d0f927674b07106e14db2bbf29d3c
SHA512 92ffda0b04b6805d6f89d0236f6449f5c933da290e36abb1a222a11fcfd06d883ff4392b5bec330378d06191b150163360466c2cda6e8d262f056ac46240c3ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\1E6BF9D29D8CA67E03D57DC855B1226ABA7A58D4

MD5 87fc4833fbefdbd883b14c47d685bc7a
SHA1 f8dcc8f539f5eca879dcb2bcdf44d5d7bfdf429b
SHA256 ab17693e6dcb849dd1017fdec81b9ef9b93dbddf3c22ce874c0154acfa50525b
SHA512 102e86180265485672e4ba5deaab82a375196bbf838b2d4e01086f716cc959d4609508a2a969fdf91bfa29462ad934b39fad07727be6720ff1366baf5ec4cc0f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\4E40360E9E0A9B7093B2CBE976EB074AD6A1A2EF

MD5 7df63129e4be6a51d37da9b7b670031f
SHA1 9c4574ffa21031c02c2bd7ac7d54979b8f4d912d
SHA256 3800187b5ecde2ec898d85228e031cc54eb4b2e10fef6d4aa77d2247de1e7c1a
SHA512 b3a6db76de920b3b37ab540015d0149a7f98512bf9296e340956baac5cd537fe43fff72c4ee0d159dc09e188dd703f5d8ce64d76785fbb4949ba87990dca3e9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\40A48D6FB1C16FBE729C2E2DB9B8B9E79A67D5B7

MD5 0eecda7b58217e2e0d1dd31ff6dc30bb
SHA1 0ae095cd4d1172048835df516da96ee3d64caca7
SHA256 aa14adb97af676c341728f750d06eb19b9707c20434f36af8b02d1c1be3ee0e2
SHA512 0980217ca787dc61ae4b55726cfcd165a785d5752ffe117a45820be5eaa9670e9594df773b7b28e878ac5bb5b49d55a77ce0c936dff0117ad23e0d42d150ccf2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\A7CF3ED5C01DEE0C144A5D0CA5CF0BA94AA917AA

MD5 ffce8b13ab3c77fc83a91b391905c9c6
SHA1 6501e3283e05912afb118d40c640451b59833cd4
SHA256 ab1896727375d1fb53d6229e2c66f90f52faaf4e87b8d3337daa86bcae6090b1
SHA512 5d087ecb612757e3306b222385a80919a14e1f569e04b0cfd9bb34d16759f5e106493b33572e67c4eeb21184d24736ca004dc9cefdc5b6f723f68565e817aaf4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\AB16811DE46B2D265276A15A24BED28684A3B7A4

MD5 fc062e5cf9da326e70462f73b5352101
SHA1 e5782311ede83c31b5152b55bb6f4d5bf6510c6c
SHA256 6e398b07a622f5865ff7b17a39646f8e3c14c8ea66b3725a1be2c7ef940edd6e
SHA512 c314c2105484033b2fc10178f84d1987133f74efc6bb20df20346989495bee272b5dbe28b0d471822c94434d6c7fd1a1cee5a0b9b79fff95402afc394f796d8e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\0FB803544750BD4675E5B1262FADD3FF7AD93D38

MD5 4ecc32e25e9c244243d1bd0b9c40ae36
SHA1 008ebe145faedf5e9805cec5dac3167a71c94fa7
SHA256 b7eb8063806a9c99c99336dbf18c016450dc0a7c5e121b73d243cd1f36bf5676
SHA512 7b5ed8e6e09f21da47bae4fa524b5795dbd78cd3bf8d6a7310792ec97d96ea2e14df047151b8d77400acfccfd004696761afa180f2ffa8d44f76b9b03985747b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\A18AB3FBE5FC5E1A527BA36FF698DF26A7C382BB

MD5 b1d53a75e44960393c45178f7d699584
SHA1 4a04425814ca3565d48a3cb86dca7bfd50a46505
SHA256 78d9925ccb488da5efd4df67d4dff3dea48a137c1ce35d6442494af46cef3b0c
SHA512 1ec4e67781ec299965c1f3b9fd602e2dc2278751dfcfc1df75679594f1a93a04e7b8ce0df42ce48fe50e151c0ec7cadf17d2745f781580e93e8080b2c37f6087

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E37F0C9F306DC48775447C1CB63D24537A2B4D38

MD5 6026ce7c3662f77ec1f2fa9159f30c4e
SHA1 280e2119ae1b4074518b859f29ed43c7ab7e7edc
SHA256 4318415773aa09ac6083ed19b85a3d9e4fb6bf44d69eae6f9156aad44b3fbb23
SHA512 a35e903ce81cd80b7b747ee920b629cef55788b517e50cc6710b515a9f7cdbe8c1ac2bef65a61c8e1483d0b9f9017f23ccaa3d646d12e55a9a972d4f4acd1aae

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\766CC6AFAB2F9FB60830DA066D3AF6F6EEE1AD3D

MD5 58400ab8bb76c18a7788847522008a7e
SHA1 5b553b14117f8c18cbb110fb47ad37a2c64dca9c
SHA256 67d556361b3e9ede1ee11253e9a4f6b454edcec880f714c540687e6b0fffd61d
SHA512 c8ec42b26a2706ef78ce1c60d31b47282ddc6b2d0962b55088a191d457974612a3235291c9803900a4b7bf530e5dc88e96b263a17e163e56a8e14096fbf04288

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\028C0894AD87F10A73B973631F70818724BAD700

MD5 2ae3966b0ade0b84bbca18e8595f48b0
SHA1 23ed930c34e71565811145bbc28b908efec14e7d
SHA256 0619fe28889990537cc27cb7dfe04c641a93ec16f3cd196f10a7e85c058224e2
SHA512 75ee43de60fbf6f0e6821a97aff9f23edfb0436483b7cb61f872f423661deb97f97651f33352f4e6699e90f68d4621c45f80272048e57802ef648b61e31e4553

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\0DE2403E40606B9197622D9499699DCABEF1EE41

MD5 782beb5a774a1729479afc19fcdb7d5d
SHA1 7fb46a5831decb217feacb5c6366c9d1defce388
SHA256 ee07d3cfd16509626294b7ea118ba2a54de4cef8c7a96449105a85a1bf6d8a56
SHA512 67b27d50bc204497214d1ad60389a211bc8930a846bf547f297b3ae224d44f0a0cb89215d46b816f77a694ea3276b0781dd4fa20d51b44538e071d1fdf921644

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\9C96235CAD726D63F60DE1389F02007E7CBA3632

MD5 b0d8b76e2f4e33da8b66fe3dbef310fa
SHA1 69ad70a6d7ae91e91c7815d26d3b8e6d8604f886
SHA256 e76a984d5b99737529f4fec48fc26a42c0877d13aa91426e9b628722ac371a0a
SHA512 4a936e938c6ae319fd245bbf6014e07462e4bec8056fabcde147752bf1734c9de62c37e352e1fc4c9922bb563dd788ac8e58cfed659ab4565a25a177810bd0ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\6018DCCE8EFCE22F8F648A32D28EA223F80C84C9

MD5 5df5f7318db2618ac5bcdc18a4cc6c67
SHA1 e83a994904d83ddaec2e765ba66e33837a725ac1
SHA256 2099913688f2593b4ea15806e31dae40650ccfdfd4dc07ee3297ff953e26e8ad
SHA512 7cf74f73b71d063924875016c0fadaeac9a7b7163986dcb050bfbde7eb94ec1d76ac2bef88b5819bd33b5a512a7fbfd1f3b87f9f1c214add426dfc35b3d3ed27

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\FFF3544547FC343205CC3E77C1CBC1E5D83178EE

MD5 28fe171e66915b79c20e8a9f31a98e23
SHA1 f81d3cb2cf52a295f09eb584fbdd457597645f76
SHA256 e0bdd4079aa5040d1c938a2c0522cb8f0eaf18be5cc6590e46ffa961bf26301a
SHA512 03e5187d0a4238f8ccf70b45407f796f60eed04d4090511518feb393d52e4fafed13f0d8be2891053d35eff59de951715c83e3c61120fe33da5db0a3c136466e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\B6ECA212CACE9464F18FC0D5AB00D0179F230CDD

MD5 0541c729ffa92c068fc474b742b959a2
SHA1 5e853c664dd4365770617125789a6becf2ba599a
SHA256 096fd2c4ec412d8de61faddd1f3ba7dcfeb6a02f053e7f379019fd7600241f6d
SHA512 a70d19d3d67a6250bf633dacd1cd62769a1aaaad915841b60f6e1d3e6e31abaafe319eff6809848c96736a8ba56ed4925b1bb2f446dbc8f363ad7311990f39cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E8535C54EA490955935B6A86F395C0943D6D437D

MD5 4dc92416675f28743cb6049a22e7de6f
SHA1 ffae73c26830e3887240d89c1574b518cec256e1
SHA256 ef5f9526860d346be97cc91d807abb12a0232c13e3bbfb9d60af5bb8b4cbb715
SHA512 8efcc71e8043c0c820442942a342bbc26b6e52ed758a2dcfe8efb401277fb8d68add8666ba00c38f8f370c2a6d989108f9203d945e82543c298d7c806f7ff73a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\EBB585C4454C746DFCF1D7DDBF2D1C44B5150A02

MD5 c5b104ed320c62248db5d6e25c95fd02
SHA1 9cede5f0eae6d9c333df8f24688354804904f06c
SHA256 6ea63e89859e545f6eaf0dbf8aa08c064a08326233007166fcf5763e27c38f23
SHA512 c2efad371a05ca36f05f1f7c3606f91561c5d19aff2248b32acdf245e52a467c0ef9de3733d7ae42d876cedd7cd0aba1a2db0c913a9a9d2b330f7df152cd6bb4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\256BAEE9702E5F10CF1E95315C026FB0758B3948

MD5 a00fa76d9e5968c199dbfc78f347712e
SHA1 449f23423e1cbc6d2cfa534c07e29a01b8e5d3c8
SHA256 4cf57517fc8909bbd6d4db6f52dc66da7bf3af9a1db038a1118a65676c7058f5
SHA512 d20069037bb012eb6d52f13c515481fd6a4bcdeb4e0ab031605be438954d2ef29d4c49d1160e369f7cc44edb1c3d5bbc4e8ed588b76806a356327a0dcde46183

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\B8C8DDD2A07579E58FAE2BE95019A6D79E31F546

MD5 79906f53df3a237c30d1971bc7b06723
SHA1 75ec3207f08141efe46ec33385dbd3ef2348afdf
SHA256 5455b1e9bf303b789ff888427614f9df5cf66abd6e7f20b6cf811d4cb15c0abf
SHA512 c35ed16c3a4731f34455ce3559d95f1d0923233e34a632595c85566cc1c2d79992af406787d34d34959178406f4c1c0f05037d13e18e4dacf91464f425c765ee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\DCFB1237A2E8F3073D4357A0BAA1AB6C738461D4

MD5 b0e366d8bb81494d70257f4c555f20e0
SHA1 dd9070ce1937ed126ab49988872991a8750e18d6
SHA256 6def0d0f70710637b450ac6e7bd109b9a6974ddd1461aa0410f03928c910ba9e
SHA512 e5daf4a49c9578f63eac6d516562630303a6d4750322ad641a91593fd06910f3ed0261f86c9099870617f655180373e6be44a6c065a020844c7bf45f9e149a8b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E17BA016257CE59D87A31FCC310FC91590650A91

MD5 0e55f859295fc8c3eea118965fda2d48
SHA1 df14dd090e72a40f7f0f69ee5459339a4f34623d
SHA256 dfa49b5f90e4201477e5ea41dd4cc67c83c5c36c48d9252ad5a8741ce0692b95
SHA512 8c3620acf5e884b3b2a5ec584e56fbb1f1ab70435d93aa8155adce63a9bf710fe4e0438315f199da58994804d9d2afdd9e9d56d044c3b08c8a25b040392d56b7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\1DF0087941CE871B3B335ACABA874BB0C9A69A2D

MD5 65d19a18beda429a13b370e484fa8632
SHA1 d7d175ff9fc455863ea7865e1c25a06821776f55
SHA256 4708e0e7d99e3396d395defdc46fcf39e12c4839d4ccbae8dae81256bcf9a227
SHA512 d9d136ef8bc9837d5909c9afbd2e830dcf0d1747cf3a3f7e95f93a18b1620a22227006359d4813aabf68e4d91ac23bb1447b2880b31f2d20e1bfaaf4dd708d98

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\F042D0F0CB1D03F626670DE9F0BE80F1C09C7CB5

MD5 da02674c4ee8a97d0282ec708690cea3
SHA1 1459444c1b7c421094936377de38997d32837675
SHA256 2ef05994ba33b40a9646ab8cbe9381edc83c7bc78c96a111bcbe04fa6639129f
SHA512 1942d286c2f294c01a76452702c17d22d92af576981612a736135bc0bb5dcbffb0824263b9b39a9ee2cdd8d981647ea8bec907044e0c3c5b962330b379059be7

C:\Users\Admin\Downloads\Monoxide-sound.rd7PCM5t.exe.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\MEMZ.exe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\jumpListCache\Cs18aPbH79mzSjCWIA3iRw==.ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1FB3GVSZ\favicon[1].ico
