Analysis Overview
Threat Level: Known bad
The file http://kkk was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Possible privilege escalation attempt
Downloads MZ/PE file
Disables Task Manager via registry modification
Modifies file permissions
Executes dropped EXE
Checks computer location settings
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Control Panel
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
System policy modification
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Kills process with taskkill
Uses Task Scheduler COM API
Checks processor information in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-08-14 16:00 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-08-14 16:00 |
| Reported | 2024-08-14 16:30 |
| Platform | win10-20240611-en |
| Max time kernel | 1699s |
| Max time network | 1691s |
Command Line
Signatures
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681248583278897" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://kkk
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 610e5a7c587aa76265edef849448f8b5 |
| SHA1 | de625e85098deaebebbca65e8a189cf2e319428c |
| SHA256 | af29933088f6689fd2d6809b9c5d1f1eace8f36febce4512681053d075c2c67b |
| SHA512 | d45bbdbea08f113554ebf72f804929a6e909c7a4f16a0898ae44801626253943d7aa53322769cafbb7c46a270c3c39e72157be8f7baba0d597a3b8f62238e825 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5c8348ec09d4ab74fbc733ec550e2311 |
| SHA1 | ad5cc4a3932f932c52ed0e3a4d9322f062f85a0b |
| SHA256 | 3193811eab9abaa2a891bccb1ea736603601188317c2eb0e57ad4422aec4dfbd |
| SHA512 | cd357596be84fdd3ab1e7b1771668cd7f680a60dc03fe2ad625b4f2bc8cde5e9fb13414e4adfc5b4a3c0a9203b1812ba94030324098b74423f4e1ffa5aded95d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1d4395159f9796c51f3b6b28ddcde9bd |
| SHA1 | c456d6c8b614de941ba1d65360342b29d786da1c |
| SHA256 | b6ab63e71db11258f3c27661453446f3b100d8d6700c24ab0394c5e54d1f77e2 |
| SHA512 | 84920ced0b943f4f8dbaeae95dedd962fdd820128c6b597c3a8999a5ea75a2adf8e32505b720e5ed6bd4d5d300e700c8a110220b49d7655a2e50427df69a1988 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a3b33360f67c46594f70305257aa3df8 |
| SHA1 | 66c322086373fec941b86444f7d13bd99aa9f7a9 |
| SHA256 | f64e1ad32489e9d20c1072d227b2eb335188d649e8f526251062b0bfb9b363cf |
| SHA512 | d371a124302f70583ce75e6f8257dfe01ff906537aa35093c93987a20cf3577461c2eb67d7372566ab0f6cf632d360738ac7f7ec352f565b6a6e7ff7a57eec32 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c4f1a4c0107a0b14a88cc3c9baa02e72 |
| SHA1 | 50da130d966a51d8865db1b118ce7f929a6291a2 |
| SHA256 | 21f8d0cbc7ea80e41e6e4d0efc388f90442bf3cc378831e655b0a0e0ff05f044 |
| SHA512 | a8331983ebbb202ee267afb511d098af7123f59cc1d5328ec27573401588171d667c5d9a2a9216bf68b3f962b2ffd81f14f277b4996a06409d6cdafdf93b0189 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
| MD5 | 5ca4b701fb1829d1d5e87c2ce6570f25 |
| SHA1 | 8a8e0e93fa91196e86cd42021a35b22598311da3 |
| SHA256 | 14922c1224d6fb86923e51aca51b1e93faecdc8d544e328808595c45b5c622a2 |
| SHA512 | 76d29f1084f8af58c0a063880a50675726c066d43503251354aec7b1a64cda07533ddf7afa21b6e821960a179b0eb4ab0788b49966d416a36926d8111528abcf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\addonStartup.json.lz4
| MD5 | e2b45da6f709967b624ed1ce63ded446 |
| SHA1 | 7c39882bbc1658670eb385e3354515d793a4b002 |
| SHA256 | 13cd10e7bf30fb494ed8ea9cfc24cfdfba9c211e93d2c95dcf672cfbf478846b |
| SHA512 | c26cd51f07d6f559fbb11769fc8bc28ef520d42ec8445c39e32e53a2ee8cbea5f32752ef50a9e6bfcff3140ff6e75e3b4ffd52897e98c3c4daa86fdcf48cad22 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json
| MD5 | c6816a4b3523d3e5ae92f910abba7d82 |
| SHA1 | 779fcbb12a6876e7901b3c61f4c0c19e8de39280 |
| SHA256 | 9b53da138c71b890220079035ee4b30a7c96f9459cab7c3ffb08e82d68aad419 |
| SHA512 | 37e877dd1819f082bee07645a60fe9200835d0d41f513f02524054fecf2ee59b6f2e52c0dfd3cf53b81ae8b386c4d6a004a5ebbd90fbcda8667666c76a446259 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ebb9a9a84b3af60127046246e98a19d0 |
| SHA1 | f5a57d7438e4adae3e63ea18b14630b2b25f5a3f |
| SHA256 | 0f0a7be731014c135369c447ce5ba0ce8a73822418b03921fcf49c4eb3b5805a |
| SHA512 | dc23a60aa000e8fe823ad92410db58426625285f29819271b27153b28e6ba1af1c6b358b4c7f91bf6a0ea1379e6eb496f40f58eca90b669fc6f5b48029d02280 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9e3e9c09fda440c6f777a4b6aa28e1a6 |
| SHA1 | c856f5682c377bcfc8ea6d54cf9071a1415ce059 |
| SHA256 | 98a4e3d09347ee622e27017ad3cb79a1062dfb272865402cf0a2d3f8d6c5cf4b |
| SHA512 | d7c2840d3fa09b5090771a945efee2cd3ffd25efcca636b836b2ff4b1e617224ddb4981ce4084d225a13f0dddc892c6137b2b817965d0f1046f8f27878e2bec8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-08-14_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4
| MD5 | 14e152530b0003973263fd54064ea363 |
| SHA1 | 98a18c46e4980317a1f795bb0f364f02b7524f06 |
| SHA256 | 98818f8d867aabab23dcf95b03d2d912fd8d6106f1bf48e1f04dc9b5af42f199 |
| SHA512 | 21a75ea8970d68bac8100f499d88b38fbdd904d5217e69492f10f63c9026f43f00508fc62e059f54f82d7a1bb6c16b15f14b281c87542613ddd20893029ce664 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 9a75ab8d630f4a1ffabd469e841ff03f |
| SHA1 | 8214c771c03c90ba2300af10404cd96d2e755817 |
| SHA256 | 58128a560193b517e9c698dc55ab565ba3dca273ca1c42e26f824c3d8ce18bb0 |
| SHA512 | c62067238234f24a9d3ef969ad9dcfa22bd949bd3799882a5fec8b6d4e8410fb220f316dbd5ccc82a841bee5676ae0e8c008d39fcee4af855d62f95b98c317a3 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-08-14 16:00
Reported: 2024-08-14 16:09
Platform: win10v2004-20240802-en
Max time kernel: 504s
Max time network: 497s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\mbr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\jeffpopup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\bobcreep.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\mbr.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" | C:\Windows\system32\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\windows\WinAttr.gci | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
| File opened for modification | \??\c:\windows\WinAttr.gci | C:\Windows\SysWOW64\cmd.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\mbr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\jeffpopup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\bobcreep.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681248535561352" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{2840A012-96C9-4ED8-822C-0B681B5FF766} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 558490.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 635426.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\jeffpopup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\bobcreep.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://kkk
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa0b42cc40,0x7ffa0b42cc4c,0x7ffa0b42cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3032,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4092,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3260,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3772,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4672,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3316,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=728 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3280,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4692,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4384,i,7890890278958915974,5238246759105356943,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f8bc46f8,0x7ff9f8bc4708,0x7ff9f8bc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x338
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7064 /prefetch:8
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe
"C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\FEEF.tmp\FEF0.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\mbr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\tools.cmd" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\jeffpopup.exe
"C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\jeffpopup.exe"
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\bobcreep.exe
"C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\bobcreep.exe"
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe
"C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\YOUDIED 13.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7327105543555322130,11759650824886418031,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 /prefetch:2
C:\windows\SysWOW64\takeown.exe
"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe
C:\windows\SysWOW64\icacls.exe
"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit
C:\Windows\SysWOW64\takeown.exe
takeown /f LogonUI.exe
C:\Windows\SysWOW64\icacls.exe
icacls LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "tobi0a0c.exe"
Network
Files
\??\pipe\crashpad_3472_PEOUKBGAYFWDCLRT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 9d6d58010eae61bc89b742ed10f8e9ef |
| SHA1 | 1a13476d278107fcc98feaeaffe37c5d2f97bc62 |
| SHA256 | 565c98a8e211f9c7e89d0118eb5e8edf27e9bd82782aa758c3b3526bdc132839 |
| SHA512 | 856aa329875d78ee7095ceefaad7fb14c4cac5936fb32b982978e0bb614a4553b339410fc742e779b499f1152ad661996e1d7434aff75f3f2ea57a51d75422a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b1e09d1aa09edebcfb12c90bd9bb2805 |
| SHA1 | 8afb49772ed18c009e6fe1f5bc64f6d8730e1943 |
| SHA256 | 728497c56f0f290e8c7a92e998399f56f0556641bdd69484820ebea0de1befb9 |
| SHA512 | cd7ec1c08d7d268e5426068d8ad0a9ac464b6a8542f07a10415dc4b553623061ae5ee443a00f9afbbaed5f0ac86c8c53183572311268ee9c2b416e3f9201cbe8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a536a397a6d15bafda1142c71b096afe |
| SHA1 | 353945ca012fadb9438dbfe7e098f742ee1b1306 |
| SHA256 | 2ce37d60bb4dd2aa57d447762a4aa14f11e14a72fb3a2c287d1b01c5e31846a1 |
| SHA512 | 73f922624c544f51aaf60f63ff28b8af1b1af30ea2d0a3d02abd32555a7786d108f4a822a693fa944cbb98f3fffb45a25531242b4433ee3a9f44273d9fac6677 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | befb540735e9ce0a34ab66abc2b4682e |
| SHA1 | 3dbf83136d7e133618fb40ef2eb6cd2342d88a2d |
| SHA256 | 326d93f61eb3a19fb207e5deca49c5d464a0d2d240f05d9b1a4564c6e7f4101b |
| SHA512 | e823e9b3692f708ba1075ffa2ad31e9c626e32c7f14624d50b816d8ac951ec5c051065053aeb8cffebf348da58ddb1b0578c4b532c05039e8ef912b9b4090ff7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f2afe10716560454b263bc4c64ede06a |
| SHA1 | 747855c2f4bbae436bd38abd8dee0163ae046a98 |
| SHA256 | edd78345d0fd77bf9b0216b661c377fbdcddcc727e4090a40f1bc7bed6fb24e5 |
| SHA512 | 1091a028178452ffd4587e1230d148fed514f94daa31cc47b58346d58104db2463e11c33adc74de67421175ffdc229d163987fa2c6c2d2834fc2ff0125e51993 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 869a862c1bf09d3c556d1d54553ea731 |
| SHA1 | 456ca84dbad83b02b91f211c69340497a404fefc |
| SHA256 | f237afc64914170b4e4ef2e885169c46a1b471deeb9a56937b7ee06bde2cc55b |
| SHA512 | 1b11757d96d6c99bae6469162eca24648525c9800bbf0998b1dc8ba573b4d36367adb46dc2749aff05324c9a6a6d6bb469a8d3edcb38859e52a2ca65bb326845 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 35a31a6d6050850ee7c2b441029e2e90 |
| SHA1 | 8e07c83914d140fb1b78c3256730726fc7bce36f |
| SHA256 | 956701d7b45ed64dfcdc8de408b694030d90ec806419e27b89879f4eef2eda28 |
| SHA512 | 8e990c1b90f48c00d979f0fe5093fcc06c80f44bb8e15fd7ca472eb45698f4800a69ec2707f5e46329db004e08819ace9504c7b096cc20045d63869c9cc32dce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e367cae529c800c9b6163ce38ddd843 |
| SHA1 | 625861f41849653838ec4d4d2decd727ff11bae2 |
| SHA256 | 7bb0a2768abf546b9ad61266371029d51223918932994ea29aab3887a4202e0c |
| SHA512 | 53e8630e9c6c659d58c128d451dc10b9ed5053c195a67e6a0dceb27887ab51b3a7e51ccaddc11ff067ed0acaa821cb4ffefff0404fb906692548e7b1e5e017c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 498270e0485fec80bdf80988ebfc38b0 |
| SHA1 | 1f49607d157251c130e3736af52c948ec5dbec90 |
| SHA256 | eab64f7d9cdbc3244a1125c6a3c41c66f811498143ec9c7058ee93aadf0df6d7 |
| SHA512 | cf5db5929996311b40ecd2125944f719bde4a3d40baee0c5175c207c8e0eb4b3752e00ffa14e393d6b5d8e31d1f9a087a296cbfabe75e8d08f1c138d15b00c0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 17ff40097c0395c6ec3c41e440b81b41 |
| SHA1 | bf368a465ee876d5908eb413e5482373f80d7f3f |
| SHA256 | 34c72b534a5c0bbc3632aa8a130f660599903583514bb7cf2680e27314f2898f |
| SHA512 | 43c201af9787e3c50d744261f8681af75cd330de48c358262d5a68d34d32dce41591f29ba9289a11fac4bf27eb1a234fbee003980ac9e4a0d62277d6c901ad5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5633732bc7da59d53e7531b7a0c9c8e |
| SHA1 | 04ec76d7edd44b09c065f79030319623454554f8 |
| SHA256 | d04aaf4da9aae7a5bb4a951b3ecac16d087a2ad5b494d5dc8b81727c5117b0f3 |
| SHA512 | 291b8cb33e6fbb3de218eec0b18969f8b2035618cbaade2fa0c30d93abb0fd37d4ab8b92464b9bb77ddbdf2aecd4a21024b83bb2d97a5a724e2bff1cabaa1a99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b966ccefc917a3ec811ccf92e66d3c16 |
| SHA1 | 67df25897e3618ad7f2121cee09acd45a30ee6e6 |
| SHA256 | 025f194d23aa8890ee15e4e45ff9a570afc66a1bbc1c77faf56c0cf278a2c269 |
| SHA512 | 0e0c8d66312c81607f37fbf822c7d64d14fcb4c193c5d3cd8c9fbb7de360c3ec5dd8cf5e4524fbdf96a4e96e7a65dd9e6f3835d05704d02414371f7c323d3258 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3afdd05012b8aa1ea0bdfa8f714c2034 |
| SHA1 | 26bd21ef1f12c1a3a529fc729de79bba3adeb6d6 |
| SHA256 | b07c08193eb3713d40483f5704e1cca5af880d8719783589b2d512776a235e0e |
| SHA512 | 0f99bc2bd7581d74eb963cc4f903aa5262c825927f1522fc6f42b07389ad48dc78d30c42e9f0534fdfaca8a93527f6ab62e4e6d941bf9ec839d436513d7f0577 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 742b146ef594038a820da280cb929841 |
| SHA1 | 26aba22d9674860080d5d546e78cb3e9cef94db1 |
| SHA256 | 7b7f6d50253a01d6a0b9d4f506b8985b306ed79281be28645031d5936d9afcbd |
| SHA512 | 738a9b0cc37779d68d92c46e326e4f225de4086e585224b1f142e9d404b38279534a8d39617809f302b0759d50601b7ffc08ce0e2c82bf51728b4ee3dbf55967 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f47c8c4cebc36ef97502bb1c84e588ac |
| SHA1 | e0f0ec293f495088095a33dd1e8429241a796258 |
| SHA256 | 55ed722880eccaa4869347a5d632bf694fc53412ed6bf6fba25911ba22a15ae0 |
| SHA512 | b73f0bb2852ae25da76d9f7cfee2485c87d081b2233f2a959be1c8339ec5fd20a829228848e373edc17b059e7c530351a160e2292fe85fda51cae1dfb2bf802d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0919bda127ff0e44ccaa8a92e21db57b |
| SHA1 | 36548a0e51f665cc14359059711eb71d748a82bc |
| SHA256 | f3d10af1a311d5955ba89eea9cc0d6aa0f5c6f61f42d66954e24057805ee2499 |
| SHA512 | cbc0fd583df07440c648aeafbfcab10734065b69d1352c8d9bf9668230f17404eb4577bcefde2497ebeaed18f90fcdef9700a1728c199af233c2dc8e984f94b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\524dc3c4-026c-45f1-a1aa-75179fd3257e.tmp
| MD5 | b883f12180319a66d3b86f600c24c5e6 |
| SHA1 | d11039bbccb43d06715460599fc847931df33a14 |
| SHA256 | e4384accf67780a8e34b481bb52dd6e5bd83a8249daabc314ffab3d3aa506139 |
| SHA512 | 2868c0de934a015dd2ba958771cb74863949caaed1f6e793753b9481f27ac994808731b30caa6ce871ea472d49663a0dda45032e58e344bad908ec183acaa9ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf103dd38673c4ad6169b4793860e6f7 |
| SHA1 | 0cb7d4cad8db983ee0639c712fa9bb945a0db648 |
| SHA256 | d977651a13ce33e39a3bc5306d781e294b27bf357fc3a424c2fcf9b4728e2497 |
| SHA512 | 8e3dde48a3343900980f8e3508b3be8d4a010b1b268ee34c058c6c33ce9b8ef199b9490058ec957dbd967b9e0a9b7c2905d8a9efbf7764132a10292612e60e32 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4111bf71-889d-4240-8060-12ed9d2a9f5c.tmp
| MD5 | 141427e5050d30d4beb1339782b77060 |
| SHA1 | f2ca0066eac324553f11d4eb6ef1741a80658104 |
| SHA256 | 66a34039bcc204e66ab66399308a83793d3fd7a8409555d39bb1793eef8eb115 |
| SHA512 | e6d6352f0f440235338512639e853b5f4e04b684e183a38752d25265e37371f3614b27e96ea581903ca1115c7afd31dae35d5d877f73c62b363737d3e9da3058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c3d22ee6ca0faccc2660cb6f28e9e14a |
| SHA1 | a984d55661273b8ba099348d874040c825e9b254 |
| SHA256 | 1a50f9e03ab7508ab0b35d241b6998674df9dc3d3637eb536b8f738ebae82dfa |
| SHA512 | 770f44801deadad8e30047277ab7f3cb64a859a4741df9dfa3807249757de0c4a4c1734d50557bfbcb57ec8fb89915b7a8f94cc0fadc02d28e852c25da6b20ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4761ebc79419df260fc021a9b2be537c |
| SHA1 | 8c628fb513e6d3cae97902d5de1ad90548612d3f |
| SHA256 | 10ac51b55bfe44459b55a8afb0d437f5d16f2b3ba133fd073df207a6cbdd6881 |
| SHA512 | 83774814279ca2cd53f56271aab8cf0a6c658543419dc42390a0cfe83770f4f8e2c0a361427148a92c6f46791f3b3a9095f5255cbb420641ee4c94efde25cef5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8317a598725efb8c641af86e62e510e |
| SHA1 | 24adce38a7da3590b9ba6b63e11cb85a8028c382 |
| SHA256 | d900bd6f8c4c94a590a6e529fcb38251bcdfb488e2cb9a90e4bfe3ff7d06a91b |
| SHA512 | 758d6483e3a87f070942a608ec7a8be9318cc52703ffec6a83a4ab0cfe0142f71a2af257ad0777f3f9688a3c04e1fb3340cc3769cf9865bb32402d7326012cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bb90b.TMP
| MD5 | 56f4115b138b1fdc0db373dc4655314f |
| SHA1 | 1d8465254dd1bd4362532aecb42aef00d5e85761 |
| SHA256 | 70fca7d6d3f654eed1d3f0acb799feae0bb42faf416855ff31eb77e020cd3b93 |
| SHA512 | 7c37e58fa57a91519fba764c59f92c7651ee56f158dbb782511b892540d889dca9e5692dce95f4b0b9a0fcbe5cd85eba1fe617ee0bd8654bfd5dc61da0bb096b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b71ba1c38d096d8f111d4f7b65088692 |
| SHA1 | fa4d1e4de6d78456fea6275fd566f8f5438702b7 |
| SHA256 | 3bd1d2df208268870bf1e71aa8d545e40e3e040db962335fe8b87981211966b2 |
| SHA512 | dcede9de98f82d628b51d7c123581bdce6c6bd099b90668f27c455651549c4780dacd458b3a33ec7975196310a79112c28334bd4fb7dee67887e6beba707e55d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 8f5a2b3154aba26acf5440fd3034326c |
| SHA1 | b4d508ee783dc1f1a2cf9147cc1e5729470e773b |
| SHA256 | fc7e799742a1c64361a8a9c3fecdf44f9db85f0bf57f4fb5712519d12ba4c5ac |
| SHA512 | 01c052c71a2f97daf76c91765e3ee6ec46ca7cb67b162c2fc668ef5ee35399622496c95568dedffbaf72524f70f6afcfe90f567fbb653a93d800664b046cd5f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\9a60b377-cf52-43ea-9e7a-71c0ac620024\1
| MD5 | f5ab85ea7eb77f497d765e8df3c968da |
| SHA1 | d088d8a8029d7ffb2f942a1872ff8582b74c8469 |
| SHA256 | 7a0f8bbd0d34af175dc5806378b62f17567131c45b46be75535a4282718c6d8a |
| SHA512 | 82c1c9d8f0e39904671274bcd9fb14e15477649cef6a1aba623669d83b84ea454009d997444802aafa1a732bc6d3dba2b6cd0f82c70547c3bdd733421030c216 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c8f57e5c5236fafea9177887345cf7da |
| SHA1 | e77d3d9d79e2e1aca48e94b2ccafa68c61d8a0c6 |
| SHA256 | 781029994be26bd63a3b4ad033fd49b72c921436293ada86375991e4b6377e6b |
| SHA512 | 86f33419b6f0dd9e638b151dda49d30022a25733467a943dcaa9c85713fd0941113686a65c28dbbe0b326c74177f6f3ab68c6d988c2f7f6b09225209b81bf472 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c5f0e8d06a32af4a756875e76b5a0c1c |
| SHA1 | fde80a6a0ad4e39911493cd8bcdcd38aa97d18c3 |
| SHA256 | 14e5d7e187ee825d95347aca9333c272cd052fead2e2e37458f5c8a55ac8e527 |
| SHA512 | eb7f8337dda7922dc41a880cb803615dfd6950e5e0d326b2e30340aae86ea6c101e4e17fd03906afe107ba9c7074fd358a6bc32802cb93f91a71fbe07754b811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db20c5a1d00560096250c9b5f446cf4f |
| SHA1 | f8669c9456f891c82a967105bff67091e00b52ef |
| SHA256 | 2a6319d3493693fd8e0aba4accc8814e43df714d04062bfc947abfc975f72152 |
| SHA512 | c5db7ef29fead861024a468ae934ace80f559757b7d11b76e6e18569df925da393a28bc11b186dd2b7d8f2adf559f53c67c6c30f3b7a5e0d3a511609a77a0667 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e8da8ae42ba2cac03b02b45f1a40f58a |
| SHA1 | 29ce7081808d1947bd2d3eb5a65f20491ad7e755 |
| SHA256 | ad5e47d189e9d07799c28a3bfb8d0a93a97b818d6a3670a6ef2996b10c90dfcf |
| SHA512 | 08ca7d2de4adcf84c201e685601a66668ecc4f2cc2ff39de56f5a6a3bc46f3bbbb613179674610a5cdc290dc7519733bf739336394d24f3c139e4381d5bb6571 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 622b5a6632c37bd0395082afacc0973d |
| SHA1 | 5e4759865b3f50d52927393512e27bce852d1196 |
| SHA256 | 56758b834a7acadcda2780082e7b9095d663569d10e096838af850aa8eea1061 |
| SHA512 | 85027e9b5925b6e96251e9f28317cde11225fb250e4dc5ee4f40c77c4110426226c34a222941bbb15dfd53cc0faa57e969bc44cbbbb3e85521c9933c9821cd06 |
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\FEEF.tmp\FEF0.vbs
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Desktop\YOUDIED 5.txt
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\mbr.exe
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\tools.cmd
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\bg.bmp
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\gdifuncs.exe
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\mainbgtheme.wav
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\jeffpopup.exe
C:\Users\Admin\AppData\Local\Temp\FEEE.tmp\bobcreep.exe