Analysis Overview
SHA256
000bd548da4592196272f1849df1262378252e0bfacb03c0239f6febcb5cfb01
Threat Level: Known bad
The file source_prepared.exe was found to be: Known bad.
Malicious Activity Summary
Detect Pysilon
Pysilon family
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Boot or Logon Autostart Execution: Active Setup
Sets file to hidden
Executes dropped EXE
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Checks whether UAC is enabled
Adds Run key to start application
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Detects Pyinstaller
Enumerates physical storage devices
Unsigned PE
System Network Configuration Discovery: Internet Connection Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Checks processor information in registry
NTFS ADS
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of SendNotifyMessage
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-23 00:35
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-23 00:35
Reported
2024-08-23 00:55
Platform
win10-20240404-en
Max time kernel
1141s
Max time network
1133s
Command Line
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Downloads\source_prepared (1).exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Downloads\source_prepared (1).exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\WindowsUpdater\Updater.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\WindowsUpdater\Updater.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Downloads\source_prepared (1).exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Downloads\source_prepared (1).exe | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater = "C:\\Users\\Admin\\WindowsUpdater\\Updater.exe" | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google1296_63212074\bin\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\prefs.json | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome_pwa_launcher.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\optimization_guide_internal.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\vulkan-1.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\chrome.exe.sig | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5760_1428894502\manifest.fingerprint | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\chrome.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome.dll.sig | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\metadata | C:\Program Files (x86)\Google1296_63212074\bin\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\VisualElements\SmallLogo.png | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\uninstall.cmd | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| File created | C:\Program Files (x86)\Google1296_63212074\bin\updater.exe | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\MEIPreload\manifest.json | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\vk_swiftshader.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\chrome.7z | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome_100_percent.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\bn.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\kn.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\ml.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\sw.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\19743d48-3b99-4fea-823b-53a2f25f661d.tmp | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\3197d7eb-6416-4a77-ae58-704faf8ea252.tmp | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\vk_swiftshader.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\chrome.VisualElementsManifest.xml | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\sk.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome_wer.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\CHROME.PACKED.7Z | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\127.0.6533.120.manifest | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\ur.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe63ba1e.TMP | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\el.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\VisualElements\SmallLogo.png | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat | C:\Program Files (x86)\Google1296_63212074\bin\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\notification_helper.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\metadata | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old | C:\Program Files (x86)\Google1296_63212074\bin\updater.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\8f1f6d11-5219-427c-895f-75f86eb31f0f.tmp | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\vk_swiftshader_icd.json | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\53abbd34-6990-4cc2-83f0-bc94de9337a9.tmp | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\hr.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\8f1f6d11-5219-427c-895f-75f86eb31f0f.tmp | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\sr.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Google7188_867646295\updater.7z | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\_metadata\verified_contents.json | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\pl.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\chrome.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\hu.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\he.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe60b53b.TMP | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\manifest.fingerprint | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files (x86)\Google7188_1817720367\UPDATER.PACKED.7Z | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\prefs.json | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\en-US.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\mr.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google1296_63212074\bin\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google1296_63212074\bin\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688475077430627" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey | \??\c:\windows\system32\svchost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\TypeLib\ = "{DD42475D-6D46-496A-924E-BD5630B4CBBA}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0 | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{D4757239-55B2-5C3D-8B06-DDE147267C2D} | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\TypeLib\ = "{8476CE12-AE1F-4198-805C-BA0F9B783F57}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib\ = "{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\1.0\0 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\1.0\ = "GoogleUpdater TypeLib for IAppCommandWeb" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{D4757239-55B2-5C3D-8B06-DDE147267C2D} | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\0\win32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4757239-55B2-5C3D-8B06-DDE147267C2D}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\ = "GoogleUpdater TypeLib for IAppCommandWebSystem" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}\AppID = "{708860E0-F641-4611-8895-7D867DD3675B}" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{119413E1-D553-5881-9669-43EB131F5143}\TypeLib\ = "{119413E1-D553-5881-9669-43EB131F5143}" | C:\Program Files (x86)\Google7188_867646295\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\ = "GoogleUpdater TypeLib for ICompleteStatusSystem" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\1.0\0\win64 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\129.0.6651.0\\updater.exe\\4" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B} | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\ = "IPolicyStatusSystem" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\ = "IPolicyStatusValueSystem" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\0 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\ = "IUpdaterObserverSystem" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{DD42475D-6D46-496A-924E-BD5630B4CBBA} | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\129.0.6651.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\1.0\0\win32 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\ = "{463ABECF-410D-407F-8AF5-0DF35A005CC8}" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\0 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\ = "{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA} | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\129.0.6651.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ = "ICurrentStateSystem" | C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\WindowsUpdater\Updater.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\WindowsUpdater\Updater.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.0.631578483\971289522" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {232894d1-7982-498e-9cbb-ea2728280d96} 532 "\\.\pipe\gecko-crash-server-pipe.532" 1708 1a758ed7758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.1.949605006\1663464334" -parentBuildID 20221007134813 -prefsHandle 2052 -prefMapHandle 2044 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91d64640-3dbb-4756-bf5c-36d0268c44e1} 532 "\\.\pipe\gecko-crash-server-pipe.532" 2088 1a7589e5358 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.2.688969364\368983670" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86e6ba41-42a7-4a4f-8531-df2eb34abfb6} 532 "\\.\pipe\gecko-crash-server-pipe.532" 2748 1a75cd76a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.3.1185340759\2063013082" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 26044 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a82c3b6-4ef6-4a83-8a3a-bdeb9d677244} 532 "\\.\pipe\gecko-crash-server-pipe.532" 3440 1a75dcdf458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.4.1985164750\1915936811" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {719ae32d-6a32-4575-9bc9-02fe8f8f35ab} 532 "\\.\pipe\gecko-crash-server-pipe.532" 3664 1a75de68c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.5.1987903975\1391101398" -childID 4 -isForBrowser -prefsHandle 4160 -prefMapHandle 4728 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {734c6071-a570-45dd-811d-cc9955a72038} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4760 1a74e25fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.6.739383315\2056537045" -childID 5 -isForBrowser -prefsHandle 4896 -prefMapHandle 4900 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6026e6f-b12c-4393-ac2f-bfaca1d998d6} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4980 1a75f1cc558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.7.376987746\1758729947" -childID 6 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cac52ff4-5ff4-4c82-af2e-7f28ed26afcc} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4780 1a75f3fcf58 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WindowsUpdater\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\WindowsUpdater\activate.bat
C:\Windows\system32\attrib.exe
attrib +s +h .
C:\Users\Admin\WindowsUpdater\Updater.exe
"Updater.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "source_prepared.exe"
C:\Users\Admin\WindowsUpdater\Updater.exe
"Updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WindowsUpdater\""
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.8.132543519\1870066989" -childID 7 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ea57452-913b-402a-855a-b97be2f6a101} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4524 1a761353258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.9.412385652\957477921" -childID 8 -isForBrowser -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7262b05-8084-483f-bfa1-b4e147bc220e} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4792 1a760e48558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.10.613643841\785191185" -childID 9 -isForBrowser -prefsHandle 4868 -prefMapHandle 4792 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47da142c-4758-4619-b4ed-52c3c8d6f8e4} 532 "\\.\pipe\gecko-crash-server-pipe.532" 6104 1a763a0cb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.11.1400357633\1028254737" -childID 10 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19d8bf4d-7d64-440f-b03f-100c3148f272} 532 "\\.\pipe\gecko-crash-server-pipe.532" 5060 1a763d6b458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.12.1169420161\647524067" -parentBuildID 20221007134813 -prefsHandle 6264 -prefMapHandle 6164 -prefsLen 27486 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90841446-c1e2-44fa-8add-7598a4523d8a} 532 "\\.\pipe\gecko-crash-server-pipe.532" 6268 1a764781358 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.13.921978612\1774444802" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6224 -prefMapHandle 4964 -prefsLen 27486 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e5236d6-c1e2-4ce3-a9f1-257e9349f8e2} 532 "\\.\pipe\gecko-crash-server-pipe.532" 6268 1a764780458 utility
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Program Files (x86)\Google7188_867646295\bin\updater.exe
"C:\Program Files (x86)\Google7188_867646295\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={421CC723-AA40-0822-4F00-A7279A6AD2CA}&lang=en-GB&browser=3&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
C:\Program Files (x86)\Google7188_867646295\bin\updater.exe
"C:\Program Files (x86)\Google7188_867646295\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7e06cc,0x7e06d8,0x7e06e4
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update-internal
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\127.0.6533.120_chrome_installer.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\127.0.6533.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\059cd941-7fbd-474f-84ef-06ee153dd974.tmp"
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\059cd941-7fbd-474f-84ef-06ee153dd974.tmp"
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6459e41f8,0x7ff6459e4204,0x7ff6459e4210
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6459e41f8,0x7ff6459e4204,0x7ff6459e4210
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0xd4,0xd8,0xa8,0xd0,0xb0,0x7ffc8d3ee790,0x7ffc8d3ee79c,0x7ffc8d3ee7a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1620,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=1632 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1740,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2104,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=3056 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3800,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4380,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4796,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4732,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:8
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Program Files (x86)\Google1296_63212074\bin\updater.exe
"C:\Program Files (x86)\Google1296_63212074\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={421CC723-AA40-0822-4F00-A7279A6AD2CA}&lang=en-GB&browser=3&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
C:\Program Files (x86)\Google1296_63212074\bin\updater.exe
"C:\Program Files (x86)\Google1296_63212074\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x12506cc,0x12506d8,0x12506e4
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x264,0x268,0x26c,0x240,0xc0,0x13006cc,0x13006d8,0x13006e4
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\60b506ff-9d99-4330-86ce-cb7ab7cb696e.tmp"
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\60b506ff-9d99-4330-86ce-cb7ab7cb696e.tmp"
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff7f27341f8,0x7ff7f2734204,0x7ff7f2734210
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff7f27341f8,0x7ff7f2734204,0x7ff7f2734210
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc8d3ee790,0x7ffc8d3ee79c,0x7ffc8d3ee7a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,6725729469348459328,8253932052898616028,262144 --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1788,i,6725729469348459328,8253932052898616028,262144 --variations-seed-version --mojo-platform-channel-handle=1964 /prefetch:3
C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable
C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff67c5c41f8,0x7ff67c5c4204,0x7ff67c5c4210
C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer --flag-switches-begin --flag-switches-end
C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff67c5c41f8,0x7ff67c5c4204,0x7ff67c5c4210
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc8d3ee790,0x7ffc8d3ee79c,0x7ffc8d3ee7a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1632,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2092,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2808,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2816,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2884 /prefetch:1
C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3572,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4412,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4472,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4932,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=2892,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4560,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4528,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4192,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3244,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4256,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=2788,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4264,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4208,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --wake --system
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update-internal
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x13006cc,0x13006d8,0x13006e4
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4772,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=3016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5144,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=3044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3036,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5184,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=3048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3756,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2940 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5320,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5632,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
C:\Users\Admin\Downloads\source_prepared (1).exe
"C:\Users\Admin\Downloads\source_prepared (1).exe"
C:\Users\Admin\Downloads\source_prepared (1).exe
"C:\Users\Admin\Downloads\source_prepared (1).exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\Downloads\source_prepared (1).exe
"C:\Users\Admin\Downloads\source_prepared (1).exe"
C:\Users\Admin\Downloads\source_prepared (1).exe
"C:\Users\Admin\Downloads\source_prepared (1).exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 139.54.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:51164 | tcp | |
| N/A | 127.0.0.1:51213 | tcp | |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 100.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:53911 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1---sn-4g5ednds.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1.sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | 198.162.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| FR | 142.250.178.145:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| FR | 142.250.178.145:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | 194.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.201.174:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.201.174:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| FR | 142.250.178.145:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | www.gofile.io | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| FR | 142.250.178.145:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.gofile.io | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| US | 8.8.8.8:53 | tools.l.google.com | udp |
| US | 8.8.8.8:53 | tools.l.google.com | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| FR | 142.250.178.130:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| FR | 142.250.178.130:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| FR | 142.250.179.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 227.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| FR | 142.250.179.67:443 | update.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| FR | 142.250.179.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | tcp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| FR | 142.250.179.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.178.138:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| FR | 142.250.179.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| FR | 142.250.179.67:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.201.174:443 | consent.google.com | tcp |
| FR | 172.217.18.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.gofile.io | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | www.gofile.io | udp |
| US | 8.8.8.8:53 | www.gofile.io | udp |
| FR | 172.217.18.195:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.100:443 | www.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| FR | 142.250.75.238:443 | google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| HU | 142.250.180.227:443 | beacons2.gvt2.com | tcp |
| HU | 142.250.180.227:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 227.180.250.142.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| FR | 142.250.179.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| FR | 45.112.123.126:443 | gofile.io | udp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| FR | 45.112.123.126:443 | api.gofile.io | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 142.250.178.138:443 | content-autofill.googleapis.com | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store3.gofile.io | udp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 8.8.8.8:53 | 233.10.175.136.in-addr.arpa | udp |
| US | 136.175.10.233:443 | store3.gofile.io | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| HU | 142.250.180.227:443 | beacons2.gvt2.com | udp |
| FR | 142.250.75.238:443 | google.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI48162\ucrtbase.dll
| MD5 | a6b4fba258d519da313f7be057435ee4 |
| SHA1 | 0bf414057d0749e9db4da7683eb6d11be174cdd5 |
| SHA256 | aa092722797b9a74e9463516e6c63d4d3c904ac263f4a4ea421b0d4d4875f606 |
| SHA512 | 34f3d006a9bb7835e9d82465874e059a328c8d69abd61c79d6a85a7702df582dabc93126918a0514356fda2810c77acc1d6070ad4418921bd9e8efe34697e4a1 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\python310.dll
| MD5 | fc7bd515b12e537a39dc93a09b3eaad6 |
| SHA1 | 96f5d4b0967372553cb106539c5566bc184f6167 |
| SHA256 | 461e008b7cdf034f99a566671b87849772873a175aefec6ed00732976f5c4164 |
| SHA512 | a8433d5b403f898e4eeebd72fce08ebad066ca60aeb0b70e2ae78377babc2acbbae2ac91ab20f813cce4b1dc58c2ad6b3868f18cc8ac0fe7be2bff020eb73122 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\VCRUNTIME140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
memory/2184-1308-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\base_library.zip
| MD5 | ec4cfaea9dd1cc036dd660fe1ec9f43d |
| SHA1 | e7c9c330b8eb231e83c702467e2e9af18e8baa06 |
| SHA256 | cc116525aa92dd218606da9c4efc6bfed5725d805182fbbec22ead527720f1b7 |
| SHA512 | 092200f1b8eb205ca857bcf5fb5d605c9b9266966846cb94e2732030a6b6819dcb77ba5033311bf8f0ff1242ea460965efe15f8a68a648bcc7f12af9105a0f9f |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\python3.DLL
| MD5 | c17b7a4b853827f538576f4c3521c653 |
| SHA1 | 6115047d02fbbad4ff32afb4ebd439f5d529485a |
| SHA256 | d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68 |
| SHA512 | 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_ctypes.pyd
| MD5 | 4b90108fabdd64577a84313c765a2946 |
| SHA1 | 245f4628683a3e18bb6f0d1c88aa26fb959ed258 |
| SHA256 | e1b634628839a45ab08913463e07b6b6b7fd502396d768f43b21da2875b506a1 |
| SHA512 | 91fa069d7cf61c57faad6355f6fd46d702576c4342460dadcedfdcbc07cd9d84486734f0561fa5e1e01668b384c3c07dd779b332f77d0bb6fbdbb8c0cb5091bc |
memory/2184-1316-0x00007FFCA6480000-0x00007FFCA64A4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libffi-7.dll
| MD5 | d50ebf567149ead9d88933561cb87d09 |
| SHA1 | 171df40e4187ebbfdf9aa1d76a33f769fb8a35ed |
| SHA256 | 6aa8e12ce7c8ad52dd2e3fabeb38a726447849669c084ea63d8e322a193033af |
| SHA512 | 7bcc9d6d3a097333e1e4b2b23c81ea1b5db7dbdc5d9d62ebaffb0fdfb6cfe86161520ac14dc835d1939be22b9f342531f48da70f765a60b8e2c3d7b9983021de |
memory/2184-1318-0x00007FFCA7090000-0x00007FFCA709F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_bz2.pyd
| MD5 | 6250a28b9d0bfefc1254bd78ece7ae9f |
| SHA1 | 4b07c8e18d23c8ae9d92d7b8d39ae20bc447aecd |
| SHA256 | 7d43f7105aa4f856239235c67f61044493ee6f95ddf04533189bf5ea98073f0b |
| SHA512 | 6d0aa5c3f8f5b268b94341dfdd5afbe48f91f9aac143bf59f7f5e8ba6f54205b85ec527c53498ed8860fdff6a8d08e48ec4e1652eeab2d3c89aaaf3a14fcaaa7 |
memory/2184-1324-0x00007FFCA6430000-0x00007FFCA645D000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI48162\_lzma.pyd
| MD5 | 8edbeeccb6f3dbb09389d99d45db5542 |
| SHA1 | f7e7af2851a5bf22de79a24fe594b5c0435fca8a |
| SHA256 | 90701973be6b23703e495f6a145bae251a7bb066d3c5f398ec42694fd06a069f |
| SHA512 | 2a8bf60f2280b9a947578bd7fd49c3ace8e010a3d4b38e370edb511ea0e125df688bbac369d6a3cec9d285a1fa2ad2dac18a0ef30fda46e49a9440418581e501 |
memory/2184-1321-0x00007FFCA6460000-0x00007FFCA6479000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libmodplug-1.dll
| MD5 | 2bb2e7fa60884113f23dcb4fd266c4a6 |
| SHA1 | 36bbd1e8f7ee1747c7007a3c297d429500183d73 |
| SHA256 | 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b |
| SHA512 | 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libjpeg-9.dll
| MD5 | c22b781bb21bffbea478b76ad6ed1a28 |
| SHA1 | 66cc6495ba5e531b0fe22731875250c720262db1 |
| SHA256 | 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd |
| SHA512 | 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4 |
memory/2184-1371-0x00007FFCA6410000-0x00007FFCA6424000-memory.dmp
memory/2184-1372-0x00007FFC928A0000-0x00007FFC92C15000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libcrypto-1_1.dll
| MD5 | 86cfc84f8407ab1be6cc64a9702882ef |
| SHA1 | 86f3c502ed64df2a5e10b085103c2ffc9e3a4130 |
| SHA256 | 11b89cc5531b2a6b89fbbb406ebe8fb01f0bf789e672131b0354e10f9e091307 |
| SHA512 | b33f59497127cb1b4c1781693380576187c562563a9e367ce8abc14c97c51053a28af559cdd8bd66181012083e562c8a8771e3d46adeba269a848153a8e9173c |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\freetype.dll
| MD5 | 04a9825dc286549ee3fa29e2b06ca944 |
| SHA1 | 5bed779bf591752bb7aa9428189ec7f3c1137461 |
| SHA256 | 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde |
| SHA512 | 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\crypto_clipper.json
| MD5 | 8bff94a9573315a9d1820d9bb710d97f |
| SHA1 | e69a43d343794524b771d0a07fd4cb263e5464d5 |
| SHA256 | 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7 |
| SHA512 | d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | dd274d651970197e27feab08ce4b028d |
| SHA1 | 6664642754c808c3f90a07bdac130667640292ff |
| SHA256 | 9613e7e0e7abbb4fef8cfb509992382de6b42bf77c13d332f0c63cf607657645 |
| SHA512 | 2e44a4cc4c270879f1fe2f0196273ce8b5ec501a3be367fccf0d2e314aa92ca5b61b38394970a82f3af1c7507d988b23a4888a572fa26fd5d1a41f6b864b3987 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 7c33d39026d00829b6471b6553d58585 |
| SHA1 | d4540ce9ed17ac5d00fc88bdbfd9db024fc2aa27 |
| SHA256 | 51c921caa246c20435d4ad5b0785dcb71879aa075ce7c2edf26a13f834e49f35 |
| SHA512 | 76429a39f3a8e6e47a34bfe3cc1ae2e73386a81c06b851342d09de573c039ca136a78cd5575ac7ffb12ea3454bc33075fb8679e33edd9507bf6ffcefc7aa13e0 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 3635ebce411c68d4a19345c2770392a2 |
| SHA1 | 916f6a4991b8478be93036e6301700685bc91234 |
| SHA256 | eb137321cbaed6ac69d598d0f7292a742b341597abf8b450ef540856916f7233 |
| SHA512 | fec461681a4e827adc2797e09d86a80711fecc95bca64f11519a9af822bd972ff8cd63aea50aa68a3aa23eab4ef5d0c8591f0e8926f802e0cd665607d0659b1e |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | f00c8e79700909c80a951b900cfae3b7 |
| SHA1 | 9d41dadb0fba7ea16af40799991225c8f548aeea |
| SHA256 | 8a3d1982788c532604dbfa17171d71f8ad85880179e0a3e08c92dcf6536e5ed1 |
| SHA512 | 033696e294e251cbbf6c8af6774141a1bf51f2056385610d310676e35f1849588f8280128ad090d94015adbc448136ab58486d554ac177e48598065cf64d6c59 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 5fc379b333e9d064513fd842ba6b01a4 |
| SHA1 | 15196ba491dc9b0701b94323017a8ad9a466b6f4 |
| SHA256 | d16db9232ec6d06603e049ba8881cd15f1636c2a83c4e91a9f9abd8624b321e4 |
| SHA512 | 70a2604cb3e9a4d9a167d0080b2ed7081cad6217fa8569223bca720624fea9cec68604712ac24ab301cddc6d71c01b5b1c581f67ac5e43a1826726471344302f |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 86b8122f87c75cc3dbb3845b16030c64 |
| SHA1 | ae65379a9a2312fc7eb58768860b75d0e83b0cc4 |
| SHA256 | c4d65f157ffd21f673ee6096952a0576b9d151b803199c3f930b82119c148f62 |
| SHA512 | e53a00b8788a865351898f316c307fe18ad2e2dca687b32d7a7f88b816918206e68fb90e4a87eb8cdab76183c975b70398eaba3bad049712eac519bcb2eb14fd |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-private-l1-1-0.dll
| MD5 | 3e07d85a5ced75f3fc2ec2d48fd45563 |
| SHA1 | c2594cbbd44a3b3542cab3e94239411b0bb6c233 |
| SHA256 | 42921284fcff8f84543c4da8d7883e968324364541e008b57a10ce8781a4ccec |
| SHA512 | df20e6f1f1ae1d72741a084ff1860b5db8e2535d01e46f5f8436dd3ec20249573ae52ea5f8990e4fa3f7f6d0fcd93ccae7bfa202628bd65dec34338fdb02b601 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 638cdba65a9151ec58fb1a9ecfb8717d |
| SHA1 | 9d7337e84ca1748006603051e06b96796577826d |
| SHA256 | e07229a0a25588694e8dc6c8827c37649701972695ae36322381c4f1e43dffcc |
| SHA512 | f64cbda5387be7041ee05613a32818cbc5347e2c845d58e18ef39b12811ba015193b7c28481e7c86dd08e28dd6b01e8c87a16f66dabdacf30f7108381986a57e |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 9c6c9fe11c6b86bf31b1828331fbc90e |
| SHA1 | fe18fe7e593e578fadb826df7b8e66aa80848963 |
| SHA256 | 3308d7121df05de062333b772d91229ae13f626c5aad4255c025cbe5694bc1d8 |
| SHA512 | 3d84434ce23038b713378a6e02d5f58b5e501bf2b4c3ffdb645a1600f386795b24931ad8dc1edc7dc0b00a69fd99f30567da32cb4c396c3800e29451fda1804c |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 1ce8dc500f8d647e45c5277186022b7a |
| SHA1 | ab146c73f9294c7193a2973f2ed3cc9fcf641630 |
| SHA256 | 396473df7b8645421a1e78358f4e5eefd90c3c64d1472b3bf90765a70847d5eb |
| SHA512 | 32b049156e820d8020325123f2e11c123b70573332e494834a2d648f89bca228d94b4ca5acf91dfdfcdd8444be37877c25881c972122dafb19fc43e5c39d1d04 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | fc617cea3a386409177b559099f22557 |
| SHA1 | d5291dbcb7a2458b34c8af9d539df4276a1d99ae |
| SHA256 | 9f6f171a5c1b0b7947fec31937d8b30789ae4fede08e78f6db2227f0fc22eb73 |
| SHA512 | bc3318c0382007895194397c1680cc308916d9ad1450d9e09e8e71f48772dcc890f4189da8c1ac498a75a9e6ac6a0a557f9812394aa4442e195e8039249543c8 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 712c104617ef0b2adcf6aa3a0117d7df |
| SHA1 | 14a158be1051a01637a5320b561bec004f672fe5 |
| SHA256 | 8289c5306b1dd857e97275611864089986600439cac79babb2466fbc08254cb4 |
| SHA512 | 62a7a0c5460859880f20ca8a80c5f0cc3f7fcbc00b51d1138e6e44dd988c4fdb5eab59eecc9bf74d1ecaccddb5dc0b35e0be709d8e2599a835aff157ef631ace |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | eaf1266b1b58d3228d9c8c6c51e61970 |
| SHA1 | 28742ae8c761883ae391b72e6f78d65ce9fda5af |
| SHA256 | b1e76699a66f81013ca416fb4d52499b060a00c0d30ff108243a42af2c528ac1 |
| SHA512 | 5c73dc91be717164f2d519286c8cc46148204b5554bbf7f61e017f95eb1281bd2e906cf00564d1ae2bf68257ef28c069a4434d65c45e0ba5dc649068bdd31cfb |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | d8ad7429849045db1da31d30b545c6a0 |
| SHA1 | 2d13798b365d06c085ea966d84cd3f127d1c7bc8 |
| SHA256 | a864aad44892a4735aef3ff76f594715291b74e8ab15fa3857f1d6168d4b7e3a |
| SHA512 | 522f7cef3b9bb32814fe35bdef8bf0a816a1db8f427d30039429ce3ba666ddfb8459a777f5dd796bfb816d8f454c5f9aff8cb015b66c87808aa5cd301fc995b0 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 018f9ce13d833d7830ee2d02239c1161 |
| SHA1 | 4a544dc22706b999ceeb9477f027068630281075 |
| SHA256 | 451e761abe2b6031574d02bd7b70a609c62d12757b9c2eebbcd815e66e5f2a4f |
| SHA512 | 7574f777508761e64a68cb19a56703987891d94c30622e9599fa132c72e687d55ce7f2822d2d6722132b80dc34dbed995d085573eddca8705cbd989605caa811 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-util-l1-1-0.dll
| MD5 | 5c938aa1d32aada7336717a3bfe2cbad |
| SHA1 | 50ab7b54cfeefa470ea8d31d14cb18673c1e97a7 |
| SHA256 | edc5f6bb8cd3e74c0b065ebef81f6ea22050c585ffabfac93fa5594b22282b26 |
| SHA512 | ec01969aa1b4d62198765b670f1bb59aa42142f9a8ace1302e0fe49a43651ce96953babe44772d49040863f96fdfcc578fff1320f797351077209b9badc100ec |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | dd86613bbc3da5e41d8bd30803d87c1f |
| SHA1 | 35690b9b0fe48f045568e25221694be041f56d4f |
| SHA256 | 2312923d7e07c1f58f457ac434b89c01ce675ff42d74bb279326d6c573f675ed |
| SHA512 | 6d4a29c99e819368389a9347a719e78125dfbc3166af85425db81f38833b57ba28251472dd42db974876bcf8bc73465d638678b06e3482ceb36c19b943f41ca4 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 72ddeb5483ebf2b74bdf226fd907dfa4 |
| SHA1 | dcfabbeab02e3b2a6658afb422c5526b0588dd4e |
| SHA256 | 3c86ac8dd9c84d94e205f3a3751521ec88a4653b3f42a9fd8c724adabaacb316 |
| SHA512 | 507d63174a38d70aecefb8117f21823040fe363949d0f1bf1253934debe7e0e775615efc8ac149022a074bb6e01314dfb62df550e04ea7b6e6241b7891f5717a |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-synch-l1-2-0.dll
| MD5 | a5c5e0015b39d058dd3ba707ddb2797d |
| SHA1 | 075d66ab5660b22b48129f7bcde7eaf24e6c3e65 |
| SHA256 | 7eb43d2339d07858f4c95ea648234d44722e86262f1971ef5fa4995a1ca2e642 |
| SHA512 | 86c0541e82c622a7d8ab74499d1ad56e76f270dc6bcf7d94cae3a7451b94c030bab172ad04b4f7b489d7f0649def9eea2512f8361d94ac4afa0fde3527656020 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-synch-l1-1-0.dll
| MD5 | dccb8e4632e84e12fdced9489e8db62f |
| SHA1 | 17d50eecc039c225965bcea198f83cca408ba5e0 |
| SHA256 | 7e7fe561d2733b373cf74cb017a30c753c95ed312d3881bfee33e70ebec3abc1 |
| SHA512 | 3661593b912d7b9c9b7b65d8465c492091ca036d634882e4db7dd7ea5e3500edde5997c13ba9d1a6d2695b9ae89eec505f304ad9759c0f73bd717fa9969e4a11 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-string-l1-1-0.dll
| MD5 | 5f6e50a3235783de647ccbd5d20f1ce7 |
| SHA1 | c5af12af034df61e293f3262fbc31ee24c9df02e |
| SHA256 | e54b9dfdda851d3e1afecdf9f88fc30bffc658a533f5dff362ea915dfa193c58 |
| SHA512 | ec9dafbf04606eaf641fb376a12e9e2415c83b7a6a2d348d1f54f8968204cac4b41620da96a6161a651ba782a4204eb7ab9e9540456b45f9445f7e104efbb84c |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 1645c51ed436440b51ec2ab21596a953 |
| SHA1 | 001bef9899617f0b961cc645ed85c30a0606f6bf |
| SHA256 | eb6ead70e58b3d7bd40528a3944ce6389f3140622b1e264e216ee22aefc26689 |
| SHA512 | b50a134f1cc52e6395d702ac25e87de490ac4aa07300a785afbc066dfdd1b28acb112003b1725033075fc97d9ed9878bcdb0f3348795821dca2492f625390d8d |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-profile-l1-1-0.dll
| MD5 | bc5385bc13db467fa89b1ac8ba7fb486 |
| SHA1 | b44bd2eaa8fb086399125c0349a3e2102fc16154 |
| SHA256 | ffd90534607f02b049244fc4acdb8537c4d8a5c87a7d4e3fa0f3b82dad10bb66 |
| SHA512 | 6653c716e1abd56136bce0252ab928b29c0f316973009c357fb458b414a6e652e4c9e74b0b3ca3c4b534c0186a20f2e4f97a8b1e1bba4883b91b21127c6f1e30 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 0f99a725b93375f0ba8795e67e5a4fdf |
| SHA1 | 9825f0ec9cc4ba99471f4587d4bf97f7083d5f93 |
| SHA256 | be77a15dcaf73a7c1be6c62f57e79ef7bbc305e1b7753a4345ba1d88851dba08 |
| SHA512 | f95b6472b78f2bea732c6cc4933c83da7cbbf3eec67544b9faf86c6d6183c23e47afadb23e78420ed2dcec7ddde819e0fcb14345614c5acb3d959fca7c5a7468 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | 9d0f94055e51b559e47bc7124e8a9b54 |
| SHA1 | 47d1fa7c3de9ca19e7dad7adee04ab5fb2dcb33c |
| SHA256 | 248e4c840c00327ed84edb13a75f826d0cbd412a288dab6bfa386476589053b3 |
| SHA512 | 5e53c1ff3c2dde843507e00be0b66521c3d225d3fb405e8d52928706b2711ae189cf7488eb8b9e0fcd5419f93c0710c488e78ba0680ef47268817204a824827d |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 2a183a87968681d137d86be383c3f68c |
| SHA1 | 6d70085fc5f07d7f13ccd6591ac3c1179d4a2617 |
| SHA256 | 5f6905a9b252c955c217a9d3ccfdd390ace9a2b5d0977447efb3a1ec643684db |
| SHA512 | b2691eb6819785c535eab0798ff1442cbd5f485a9a2182c9a97fd6675a076783fb208979b463cb106ba15cdfb60d68dc0a7889aa6eb8bf5bd746015583e68362 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 301c2db0287d25844f0ed8119748f055 |
| SHA1 | 5eaeff224c0f1dd5e801ea4fe5698233010d38b9 |
| SHA256 | 44aeff16fcc3fa571e490b277c98dfa6352bc633de1ced8ab454a629655a8295 |
| SHA512 | 3abb2fdddde2d08f38a0e22d3d61dfbf0990d7834ce80a55fb5c6fa68ae523bafab8ee7067c087a802f52fe8f506fe04d6b5b77d3b584cd519741524453c6f81 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-memory-l1-1-0.dll
| MD5 | c3fbc0bd499263dbc6761e7e34ca6e3d |
| SHA1 | c6f6fc8f3d34b73d978090973fac912f5171a8cd |
| SHA256 | ea438ac5926d5eb96999440dc890b24974926230c2a4b788c71ac765bdabd72d |
| SHA512 | 656da6d4a9717401ca8e31f5b62352c50a03f9e149cda2268295133c631600f6418758645f0f81fa596ddb3a9927b0759291ae64c9d330026a00b4cc3f6d1ab6 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 09fed91680050e3149c29cf068bc10e5 |
| SHA1 | e9933b81c1d7b717f230ea98bb6bafbc1761ec4a |
| SHA256 | 3c5900c9e7fbada56e86d8973a582771dde6bff79ca80ae05920a33a2cc435df |
| SHA512 | e514590385561731f2ad18afd6bcefac012ea8061a40b6ccfda4e45ff5768617b2e1b06e849e8a640a10ca59039e89ba88cac5d3b7ff088968eb4bc78e212d3a |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | cc56472bc6e4f1326a5128879ffe13cc |
| SHA1 | 636a4b3a13f1afff9e4eda1d2e6458e2b99221a7 |
| SHA256 | b4cf594dabb6c5255755a0b26a2ff5a2ac471818580f340f0432dbb758b34185 |
| SHA512 | baa0a6d83245f438548e2c546f89d2fb367d3492bec526324a9efb96accfa67602bc401211fc4574cb71377aaebee2ee9b13b562fcd3cf56fc983ae7faa12613 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 2a3d1be9d329d76a89679f8cb461429f |
| SHA1 | 37716d8bdb2cfa84bedaad804979874ef50b6330 |
| SHA256 | 21c91b58166c8066d5c85c97da82b496b45fa9ed3a1d6b76db85aa695a7cd772 |
| SHA512 | 46230a42e282534fa4898bfc4271e5098856e446c505475e5226a4e5d95685ddc5fc029c20ba7129cb76ac5fb05ea0a449a092a4b546a00c060db0efb737958f |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 51de1d1929921f8465fb92e884d675e0 |
| SHA1 | 977e991fcf396f606ec06260d52e2d6ab39287cc |
| SHA256 | ad09fbff3441c744c6a3c0acec7b0269f764ea7da6aa467911e812f042c6af15 |
| SHA512 | 6c2efb80d1863e6a991fcd385f3276ec4f20215a99c1ce73947adc15c073d58405faebc229f29c4befba544438b8a9f38e5e2816ab708e3cfeee0d08327237d1 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-handle-l1-1-0.dll
| MD5 | d0f562394866e238d2df761bc4cce7be |
| SHA1 | 613c83d4efbc8306d2f776535fd60660e7f3b457 |
| SHA256 | 6af859139a2873c8c7b681174ef620b13f71f3e879b39edaee66b20ae018ae4f |
| SHA512 | 7a2be6fe33b1fee83ec4072fe9e8ab36545d64fe2211a957d47516d8e71f9ddc6dc13b1aa3db0a3d9cb34c0eab023149a427172999c069b91cad4753eca42085 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-file-l2-1-0.dll
| MD5 | e1d37d21f7875483ae0d187032d5714c |
| SHA1 | 51a945a9e6ccf994781a028cd07ab8ee820f542c |
| SHA256 | 1076a19f2a42a35c8639fb1ce1666d046e0fd259142f7e645e350211d9d6390f |
| SHA512 | 77973d6e5e6ad68b304f50184a95be9d4993338f4f69e07c11275951b2fcfdc02c061182d1a7a394dc18fe77d6d021dd9e8e17cdfbbb8d0c77752c6df1979011 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-file-l1-2-0.dll
| MD5 | b38d5b15f77e6cd93763c76ff1bc79ee |
| SHA1 | cadffe8a06835a7c1aa136a5515302d80d8e7419 |
| SHA256 | aa9e41933f1cf1c3bcc3b65771297b0ef088fac153c7997c0d48e7882714d05f |
| SHA512 | 46eaeb419654efd999146b9cd55ece42939e071f089ccb4698a09f4bb6b881106a3e342901439f867f609c1147ef151832b2919d2a33726643a6e5c4086a5f3a |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-file-l1-1-0.dll
| MD5 | 1f22501f6bd7ebed5f96cfd0a5390d7f |
| SHA1 | 092eca4840f9de5e99f01290cc167cc2c07b0fc7 |
| SHA256 | 198dd97c0edc412500e890400ea8d2890a6155766b85278e6e7602366d70a479 |
| SHA512 | a7a998dc379a0505827e1362eb409f1421dae65987387a78901255f1683f69f56a2d28c077f90eded1c9ed19e4c84564ddabeca284a8cc08275619250a9d5da4 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-fibers-l1-1-0.dll
| MD5 | 49ca161ffc4094bd643adb65a03f6108 |
| SHA1 | 0bc09cde835fbcf1e1056ad2ddc284f65a3c8b57 |
| SHA256 | d04306791507e0284b46b64b69c34ca9c238e270c039caeb0e96cf13b3b2cae2 |
| SHA512 | 0a94f7c308b02feb72e3323e876702587b7dc56d7f786c3bffef2a6325144c59581a2b48fabc064e73e1d058d6b1f64061bddbd55970a330c7c658a24a81863d |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 95305ac137745d11c5805d162f3da695 |
| SHA1 | b80f1683a450834d14455dceffd10048ef0606f4 |
| SHA256 | 35c5aaf1092e406db5cae36cb5a571b82936bfd333d84ccf672f7d8e72a86387 |
| SHA512 | fdbaef161e7d4cf4b905bda7a11a4b9033952d5a94c6bce8322732b16d9dca11634a54f28e1591da88a643fae635fa9c41c4e94bcca83f9ba7cf23730c119c2f |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-debug-l1-1-0.dll
| MD5 | 451e40fad4a529da75abccdc9723a9a8 |
| SHA1 | e3ef32218a63c91b27ca2a24bc6ea8410677562c |
| SHA256 | c55da85bc6a3c1fca3eab4c0fdb918d35b466b3aa86d2c28233d117bde3d36c5 |
| SHA512 | 50135031cf10ce011a9595688bbb7b193611d253cc6586e9337321b61de8fef5f9cabb3a217113c6e71013ba40b6f7854640dff8749f4f8a0068be4e85a1908e |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | 51a1bef712620a98219f7a1308523665 |
| SHA1 | 30f6834d7a30af8c13c993f7ca9eda2f9c92a535 |
| SHA256 | 12ab9012176def0e9ed6c19847a0dbb446b6a2575f534b0f1d9c3e1e2a6fcf72 |
| SHA512 | bcb36b2435536a92a4e7c3bd8c929796ddb317c728ca87ae1e641b093fe2f69fd7671b33d8526c165b598c8b79f78367ed93e3f08fcd6b9f9285caf867049dcd |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-console-l1-1-0.dll
| MD5 | 4db53fe4fa460e376722d1ef935c3420 |
| SHA1 | b17f050e749ca5b896a1bdafd54c6cd88d02ec5b |
| SHA256 | 041d2a89986d9ea14ce9b47083fd641e75bc34ee83b1f9b9e0070d0fa02fb4c6 |
| SHA512 | 091d49696cfad5aa9e60eda148a09e4c1bfd84713eb56a06bb2c052b28e2e8cafa8d0a61a01d39a49e93444afaa85439f29360c52af7c3a0e3b53db1613c0b8d |
memory/2184-1374-0x00007FFCA63C0000-0x00007FFCA63CD000-memory.dmp
memory/2184-1373-0x00007FFCA63E0000-0x00007FFCA63F9000-memory.dmp
memory/2184-1377-0x00007FFCA34B0000-0x00007FFCA3568000-memory.dmp
memory/2184-1376-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp
memory/2184-1375-0x00007FFCA6330000-0x00007FFCA635E000-memory.dmp
memory/2184-1380-0x00007FFCA3AF0000-0x00007FFCA3AFB000-memory.dmp
memory/2184-1379-0x00007FFCA3C10000-0x00007FFCA3C1D000-memory.dmp
memory/2184-1378-0x00007FFCA6480000-0x00007FFCA64A4000-memory.dmp
memory/2184-1382-0x00007FFCA3AC0000-0x00007FFCA3AE6000-memory.dmp
memory/2184-1384-0x00007FFCA3390000-0x00007FFCA34A8000-memory.dmp
memory/2184-1383-0x00007FFCA6430000-0x00007FFCA645D000-memory.dmp
memory/2184-1381-0x00007FFCA6460000-0x00007FFCA6479000-memory.dmp
memory/2184-1385-0x00007FFCA6410000-0x00007FFCA6424000-memory.dmp
memory/2184-1405-0x00007FFCA1690000-0x00007FFCA169C000-memory.dmp
memory/2184-1411-0x00007FFCA1480000-0x00007FFCA14A2000-memory.dmp
memory/2184-1410-0x00007FFCA34B0000-0x00007FFCA3568000-memory.dmp
memory/2184-1409-0x00007FFCA15A0000-0x00007FFCA15B4000-memory.dmp
memory/2184-1412-0x00007FFCA1090000-0x00007FFCA10A7000-memory.dmp
memory/2184-1414-0x00007FFCA3AC0000-0x00007FFCA3AE6000-memory.dmp
memory/2184-1413-0x00007FFCA1070000-0x00007FFCA1089000-memory.dmp
memory/2184-1420-0x00007FFCA0D40000-0x00007FFCA0D5E000-memory.dmp
memory/2184-1419-0x00007FFCA1590000-0x00007FFCA159A000-memory.dmp
memory/2184-1421-0x00007FFC92460000-0x00007FFC924BD000-memory.dmp
memory/2184-1418-0x00007FFCA2D20000-0x00007FFCA2D56000-memory.dmp
memory/2184-1417-0x00007FFCA0FD0000-0x00007FFCA0FE1000-memory.dmp
memory/2184-1416-0x00007FFCA3390000-0x00007FFCA34A8000-memory.dmp
memory/2184-1415-0x00007FFCA0FF0000-0x00007FFCA103D000-memory.dmp
memory/2184-1408-0x00007FFCA15C0000-0x00007FFCA15D0000-memory.dmp
memory/2184-1407-0x00007FFCA15D0000-0x00007FFCA15E5000-memory.dmp
memory/2184-1406-0x00007FFCA6330000-0x00007FFCA635E000-memory.dmp
memory/2184-1404-0x00007FFCA1610000-0x00007FFCA161C000-memory.dmp
memory/2184-1403-0x00007FFCA1620000-0x00007FFCA1632000-memory.dmp
memory/2184-1402-0x00007FFCA1640000-0x00007FFCA164D000-memory.dmp
memory/2184-1401-0x00007FFCA1650000-0x00007FFCA165C000-memory.dmp
memory/2184-1400-0x00007FFCA1660000-0x00007FFCA166C000-memory.dmp
memory/2184-1399-0x00007FFCA1670000-0x00007FFCA167B000-memory.dmp
memory/2184-1398-0x00007FFCA1680000-0x00007FFCA168B000-memory.dmp
memory/2184-1397-0x00007FFCA16A0000-0x00007FFCA16AE000-memory.dmp
memory/2184-1396-0x00007FFCA16C0000-0x00007FFCA16CC000-memory.dmp
memory/2184-1395-0x00007FFCA63E0000-0x00007FFCA63F9000-memory.dmp
memory/2184-1394-0x00007FFC928A0000-0x00007FFC92C15000-memory.dmp
memory/2184-1393-0x00007FFCA16B0000-0x00007FFCA16BC000-memory.dmp
memory/2184-1392-0x00007FFCA1700000-0x00007FFCA170B000-memory.dmp
memory/2184-1391-0x00007FFCA1710000-0x00007FFCA171C000-memory.dmp
memory/2184-1390-0x00007FFCA1720000-0x00007FFCA172B000-memory.dmp
memory/2184-1389-0x00007FFCA1730000-0x00007FFCA173C000-memory.dmp
memory/2184-1388-0x00007FFCA3370000-0x00007FFCA337B000-memory.dmp
memory/2184-1387-0x00007FFCA3380000-0x00007FFCA338B000-memory.dmp
memory/2184-1426-0x00007FFCA1480000-0x00007FFCA14A2000-memory.dmp
memory/2184-1427-0x00007FFCA3610000-0x00007FFCA3628000-memory.dmp
memory/2184-1425-0x00007FFC922E0000-0x00007FFC92451000-memory.dmp
memory/2184-1424-0x00007FFCA3630000-0x00007FFCA364F000-memory.dmp
memory/2184-1423-0x00007FFCA3650000-0x00007FFCA367E000-memory.dmp
memory/2184-1422-0x00007FFCA3680000-0x00007FFCA36A9000-memory.dmp
memory/2184-1433-0x00007FFCA3AA0000-0x00007FFCA3AAB000-memory.dmp
memory/2184-1438-0x00007FFCA04D0000-0x00007FFCA04DC000-memory.dmp
memory/2184-1439-0x00007FFCA04C0000-0x00007FFCA04CB000-memory.dmp
memory/2184-1437-0x00007FFCA0FF0000-0x00007FFCA103D000-memory.dmp
memory/2184-1436-0x00007FFCA0D20000-0x00007FFCA0D2B000-memory.dmp
memory/2184-1435-0x00007FFCA0D30000-0x00007FFCA0D3C000-memory.dmp
memory/2184-1447-0x00007FFC92260000-0x00007FFC9226C000-memory.dmp
memory/2184-1452-0x00007FFC92220000-0x00007FFC9222C000-memory.dmp
memory/2184-1451-0x00007FFC922E0000-0x00007FFC92451000-memory.dmp
memory/2184-1450-0x00007FFCA3630000-0x00007FFCA364F000-memory.dmp
memory/2184-1453-0x00007FFC92080000-0x00007FFC920B4000-memory.dmp
memory/2184-1455-0x00007FFC91FC0000-0x00007FFC9207C000-memory.dmp
memory/2184-1454-0x00007FFCA3610000-0x00007FFCA3628000-memory.dmp
memory/2184-1449-0x00007FFC92230000-0x00007FFC92242000-memory.dmp
memory/2184-1448-0x00007FFC92250000-0x00007FFC9225D000-memory.dmp
memory/2184-1446-0x00007FFC92270000-0x00007FFC9227C000-memory.dmp
memory/2184-1445-0x00007FFC92280000-0x00007FFC9228B000-memory.dmp
memory/2184-1444-0x00007FFC92290000-0x00007FFC9229B000-memory.dmp
memory/2184-1443-0x00007FFC922A0000-0x00007FFC922AC000-memory.dmp
memory/2184-1442-0x00007FFC922B0000-0x00007FFC922BE000-memory.dmp
memory/2184-1441-0x00007FFC922C0000-0x00007FFC922CC000-memory.dmp
memory/2184-1440-0x00007FFC922D0000-0x00007FFC922DC000-memory.dmp
memory/2184-1434-0x00007FFCA0FC0000-0x00007FFCA0FCB000-memory.dmp
memory/2184-1456-0x00007FFC91A00000-0x00007FFC91A2B000-memory.dmp
memory/2184-1432-0x00007FFCA1090000-0x00007FFCA10A7000-memory.dmp
memory/2184-1386-0x00007FFCA2D20000-0x00007FFCA2D56000-memory.dmp
memory/2184-1459-0x00007FFC91720000-0x00007FFC919FF000-memory.dmp
memory/2184-1464-0x00007FFC8F620000-0x00007FFC91713000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
| MD5 | ce298636a1ed9482478e2dd1977048eb |
| SHA1 | e8d8236758dee75f25804a51eb9e9f230fc57e9a |
| SHA256 | 59aba11b7bc3a3e076407c18631ec3f00999718d15ced4a04d1e50d2522da71c |
| SHA512 | 181652002668b66f21ee22cbe88e0592717852f155059a7fcfc09ebed1592eeb45f7beae7ca77a0653769407c1a5604979678d6c516b3b108838d87481d0a5a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\43a92ffb-e5a1-4dd2-b7fc-b60beace04ba
| MD5 | 819625ecaab8da2ae0ac442e3a524d33 |
| SHA1 | cafb0bc028bb26ae58dd7bf4300c8b17f0c2db28 |
| SHA256 | 16b30ce288576af8f331591a8a7195bed76fde003171439a29d990c9d68b2b94 |
| SHA512 | 93f5bb4fd6cd0a4209db0079b6ed2e9da582fad9439051c8ad1b990c1b68b98345661b6c134a74a6d55111343a2b661d71ec885c790ba1b82f686e9de17f5517 |
memory/2184-1514-0x00007FFC8F500000-0x00007FFC8F521000-memory.dmp
memory/2184-1513-0x00007FFC8F530000-0x00007FFC8F547000-memory.dmp
memory/2184-1515-0x00007FFC8F4D0000-0x00007FFC8F4F2000-memory.dmp
memory/2184-1521-0x00007FFC8F400000-0x00007FFC8F430000-memory.dmp
memory/2184-1520-0x00007FFC8F3C0000-0x00007FFC8F3F3000-memory.dmp
memory/2184-1519-0x00007FFC8F430000-0x00007FFC8F4CC000-memory.dmp
memory/2184-1524-0x00007FFC8F370000-0x00007FFC8F3B8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 3018d1aad8385b734068dbad441e344e |
| SHA1 | 2a3925bc92ec843db64b6db2cd6fe18ccf084a86 |
| SHA256 | f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88 |
| SHA512 | 7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
| MD5 | 8d2e23c82427bf89b17d23f422c41c7a |
| SHA1 | 10a90fd488fb55f2ad01d6b7ba35a2e14c20da4e |
| SHA256 | 45e79abb6939f306d9af74ef2d3306280d28ea9dfb5534a8980f03b37e4dcdda |
| SHA512 | edb821a67afcbc3307957fd502c760cc88f44024bbb1605d056b9ef6a4102814bea462272ce05bc8933453ded197c912e80cc320bc7bf833b58a611436c84442 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1erokq1u.iwl.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/2184-1664-0x00007FFCA1480000-0x00007FFCA14A2000-memory.dmp
memory/2184-1659-0x00007FFCA3390000-0x00007FFCA34A8000-memory.dmp
memory/2184-1663-0x00007FFCA15A0000-0x00007FFCA15B4000-memory.dmp
memory/2184-1662-0x00007FFCA15C0000-0x00007FFCA15D0000-memory.dmp
memory/2184-1661-0x00007FFCA15D0000-0x00007FFCA15E5000-memory.dmp
memory/2184-1660-0x00007FFCA2D20000-0x00007FFCA2D56000-memory.dmp
memory/2184-1651-0x00007FFC928A0000-0x00007FFC92C15000-memory.dmp
memory/2184-1658-0x00007FFCA3AC0000-0x00007FFCA3AE6000-memory.dmp
memory/2184-1657-0x00007FFCA3AF0000-0x00007FFCA3AFB000-memory.dmp
memory/2184-1656-0x00007FFCA3C10000-0x00007FFCA3C1D000-memory.dmp
memory/2184-1654-0x00007FFCA6330000-0x00007FFCA635E000-memory.dmp
memory/2184-1653-0x00007FFCA63C0000-0x00007FFCA63CD000-memory.dmp
memory/2184-1652-0x00007FFCA63E0000-0x00007FFCA63F9000-memory.dmp
memory/2184-1645-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI47322\cryptography-43.0.0.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
memory/6976-4189-0x00007FFCA1080000-0x00007FFCA1094000-memory.dmp
memory/6976-4158-0x00007FFCA6330000-0x00007FFCA635D000-memory.dmp
memory/6976-4190-0x00007FFCA1010000-0x00007FFCA1032000-memory.dmp
memory/6976-4188-0x00007FFCA10A0000-0x00007FFCA10B0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e4aa8cf7d48027f7d6bd280707c8a4dc |
| SHA1 | 0c357eff0042d1879b5fd9196f8f1b338f78c6aa |
| SHA256 | e5b493556f1efb3d66e39f9a5c7b896d2f5285bfa7eb70fe41714a7728813540 |
| SHA512 | 0e1ff0566427ff19c5eebacdbbc29f2ff9d1be3b95469672c89bdeef4f0b01ba9561824b952b9a81f84c85a42db5b80769ddfb716222ff9a58b23736729bf227 |
memory/6976-4187-0x00007FFCA1480000-0x00007FFCA1495000-memory.dmp
memory/6976-4186-0x00007FFCA14A0000-0x00007FFCA14AC000-memory.dmp
memory/6976-4185-0x00007FFCA1590000-0x00007FFCA15A2000-memory.dmp
memory/6976-4184-0x00007FFCA15B0000-0x00007FFCA15BD000-memory.dmp
memory/6976-4183-0x00007FFCA15C0000-0x00007FFCA15CC000-memory.dmp
memory/6976-4182-0x00007FFCA15D0000-0x00007FFCA15DC000-memory.dmp
memory/6976-4181-0x00007FFCA15E0000-0x00007FFCA15EB000-memory.dmp
memory/6976-4180-0x00007FFCA1700000-0x00007FFCA170B000-memory.dmp
memory/6976-4178-0x00007FFCA1720000-0x00007FFCA172E000-memory.dmp
memory/6976-4179-0x00007FFCA1710000-0x00007FFCA171C000-memory.dmp
memory/6976-4177-0x00007FFCA1730000-0x00007FFCA173C000-memory.dmp
memory/6976-4168-0x00007FFC923A0000-0x00007FFC924B8000-memory.dmp
memory/6976-4176-0x00007FFCA2D20000-0x00007FFCA2D2C000-memory.dmp
memory/6976-4175-0x00007FFCA2D30000-0x00007FFCA2D3B000-memory.dmp
memory/6976-4174-0x00007FFCA2D40000-0x00007FFCA2D4C000-memory.dmp
memory/6976-4173-0x00007FFCA2D50000-0x00007FFCA2D5B000-memory.dmp
memory/6976-4172-0x00007FFCA3370000-0x00007FFCA337C000-memory.dmp
memory/6976-4171-0x00007FFCA3380000-0x00007FFCA338B000-memory.dmp
memory/6976-4170-0x00007FFCA3AA0000-0x00007FFCA3AAB000-memory.dmp
memory/6976-4169-0x00007FFCA3610000-0x00007FFCA3646000-memory.dmp
memory/6976-4167-0x00007FFCA3650000-0x00007FFCA3676000-memory.dmp
memory/6976-4164-0x00007FFCA1610000-0x00007FFCA16C8000-memory.dmp
memory/6976-4166-0x00007FFCA3AB0000-0x00007FFCA3ABB000-memory.dmp
memory/6976-4165-0x00007FFCA3C10000-0x00007FFCA3C1D000-memory.dmp
memory/6976-4160-0x00007FFC928A0000-0x00007FFC92C15000-memory.dmp
memory/6976-4163-0x00007FFCA3680000-0x00007FFCA36AE000-memory.dmp
memory/6976-4162-0x00007FFCA63C0000-0x00007FFCA63CD000-memory.dmp
memory/6976-4161-0x00007FFCA3AC0000-0x00007FFCA3AD9000-memory.dmp
memory/6976-4154-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp
memory/6976-4159-0x00007FFCA3AE0000-0x00007FFCA3AF4000-memory.dmp
memory/6976-4157-0x00007FFCA63E0000-0x00007FFCA63F9000-memory.dmp
memory/6976-4156-0x00007FFCA7090000-0x00007FFCA709F000-memory.dmp
memory/6976-4155-0x00007FFCA6410000-0x00007FFCA6434000-memory.dmp
memory/6976-4196-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
| MD5 | db06fa28c421775efdfdb96a0858a7ce |
| SHA1 | 4f1a2b16d6b8be07d27b223dd4e85c24763c6a4d |
| SHA256 | 0cd25074adbb9c236edc63dc47a7d91cc623cef67b686311e73b7f3f580c573f |
| SHA512 | 9d45752e471832c22be1683a0c0f98c5806a849d29127785161e6d87ecd3a1d84b5479b15dc52896dbdd44c677f0f61f0b93ac1bbd80dabb4a52d9a16c19c133 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
| MD5 | edc8d7c88f030f5f644f114c5f8923df |
| SHA1 | f48c40355fe148dbb91366939a2a566fc9da8d0b |
| SHA256 | 824a926386a6f0c5fc1485f00b54335f08016c50f1d1299e7a4b980898c16eef |
| SHA512 | 21f6c8ec4af3ddbb3e4fa6e3c170d21c3755298109cce8087a3527f54fcc4a1d7962da1f73e69144dcbf63b28e35268917e3a39d3d5bb89474a23d0b9850a24c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 80f315645ab8c14ebbe57b93027965eb |
| SHA1 | 198a14a655ec21e7fca1a5a6719461156fb67942 |
| SHA256 | 1b5359803559db16fd662c8a0fb50c96ac0901f44d0cc0f47e604fd118a0f36d |
| SHA512 | 669069792b0d60cc73b859685be9305efb98d2341b850ecc77a541bdaaf5c4a0bff7583c63269cd3a59aa63380f5e2b154594fac821b8a2fcc696e82b54dd2bb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 13d8c47f304233e0c9b90cc5b38541e2 |
| SHA1 | 99ac3358f05075e95ace296bd07513a2400eecb0 |
| SHA256 | d580b184e2b27290796f61022cbf6ef67f03ea2c763588d1ee08ebec794c5abb |
| SHA512 | 65b365d4a32e07db1cfc0c81fa348b3b34fa3a028ea1b291534cb1b8dd324ab74b924b7f3db4ca37786e976067c2074711621a876cb3d297f502f985489b035c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 51c9519899922c6f43d6f67c67d9c207 |
| SHA1 | 689bd45e88f99b03308b04673bd17cbe9b973f0e |
| SHA256 | 2f251c917fec282eb78855e5957977beb8f5b570da2b870526ab1ac31edeae7d |
| SHA512 | 64b5882e0ab4f0513e65a3cddd530f96400220111463b9f9ad8e5fc250282c6e9aa60ea6e77d59e048097970856ac63d1401a4e734a47c733ac1910d4a6f25d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C62CC1FBB17E5E86C9B57BD10A7F416AF0EC5E89
| MD5 | ac7ecee6df40ff5bf962217bcd7b28b7 |
| SHA1 | 741204495f31dcd1c96121d5dad4eafab1715e64 |
| SHA256 | c1ab711b186ff88456c70015df664632c484429870a678a1f0089663405cf1c1 |
| SHA512 | 4e8c6648e29a8c33c8033a7f6597da80d202cc6fc38bc85085a30a44478df19de6f389bc11779c7c4db41cb1fe4b92125e216c18ecd1c828bd756e24f2779510 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 09a894394a95eb4deadf26ccdecb1f3f |
| SHA1 | 54990f4c3bf074b7679e68c1762df7aaa6ed4e33 |
| SHA256 | 1a5bb791fa447e7c0aa28112a0dd8d54136a2ee3acabcd1da21ece3a6b5bb825 |
| SHA512 | 837a1316b2ab47c3b0520c60ce10b1e1984b1dbc59dc7f8878877e9f488018efb9ec7caa268a9e96e1260f24a7523eb5cebe945b13a6176b38719c76e9a478f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e868157bb4a9cc281a1a6f0a3a74a0d1 |
| SHA1 | 200698e03776712788ebf2e3250117b81f9d48fd |
| SHA256 | fcd1ad875bb9d6d126189afe3c868cb02026f73d10d6d5961e5a3dea825dcfeb |
| SHA512 | b3dc0cea505644717d8e46a62d859eee2823b53a0f99595b5404dfe043221ddff6807e37d35e77023c3eb758978624cee869afdbb936c3efdf5a1ff50077dbe6 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
| MD5 | 0ede226c38d033e7dde89bc538116716 |
| SHA1 | 9b812c1741eb3180a4c7a3d0e156d858c69bd887 |
| SHA256 | c6022907cbe9bdc96287d336ec5ae46930ae2567fdfd7070bdf8e700bd1a979b |
| SHA512 | 707ea3718e8c23d1d6c6f4dee9e90e8522c1b96220efca3ab8532cea528c6f754801e3c8376ccc68f6a3b335ffeed77c72473459f9b682b969d64410e6b1e80f |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7074757aa9be8d1f272eb6821cd045f6 |
| SHA1 | 99d163e346397a6a4f548a07217d205af502fcdd |
| SHA256 | 6741e7ef511c6e641657a75b862d84713262763abbc082e3d50cd561fbcd92ae |
| SHA512 | a1db09714ec97d9aadba56a34d7f9ba58c507e9c15a941585384c9c25e53ebec70c140171f18913a49e473a8628cd2c81dc79e220be8211818f819a5ce6ae781 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 86bab10dc9cf3e584e4ca6d59277ec16 |
| SHA1 | ad8592563e634b41fff2ee7a251c15d2645aa82e |
| SHA256 | b102ad22ea2331c61399039dc0fc653061a7136349a400ac7ab592843636a533 |
| SHA512 | 424565eadc09765acfeeb8fa7d7f7e5e890472d3cf282a7f956e5cdb7fa99dbe42c14781cec38d8dc73ce3e2d3fe497798473eb55d3017a2fb7c135f4bc95286 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\12043
| MD5 | c6c741d3aa957af01f55abb3858604c7 |
| SHA1 | 67470672b77e244e59c05238e670861c04948d11 |
| SHA256 | aa7cafdfab29c29d81d626e2af1fabd2f98bc416979e11da65e4ea329e27d818 |
| SHA512 | b47e242a1a56bc7a8cbdb07ed54f5e15cba836008b3f8db27dacfd381649dbd5fcecc7add371795b49697e2a0aa046e3dc7b6fa8e33dc185da54ca73bedd504d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 131f9935f494bad7f01834ea4c5df557 |
| SHA1 | 141cbc02b4776a170dc9e4bb2437148c69c59ed2 |
| SHA256 | 8a944f4a5127bd8e0236357652b975cfc8589f0fcce6da447f023a89c6b0fac9 |
| SHA512 | fbfc08e083875a436aa710477be83b533f08422a5263409ef7af82d9c2638ab86f6f02b827d1011432ae3cefd6d50929584007869f7e963adc7888edd5e3a77d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 776284d71b729ab0f2d96416c17298f5 |
| SHA1 | fc30e3554c9cb27a2069d1ebb4c0d5c025664521 |
| SHA256 | 10cf34bdc30f9e6307670dcce048c4fee7721f7b3e9a14bcc86379c838d5b28b |
| SHA512 | 26a01f889d9de0b0fa43d8717051ff9ecc6edc63c61a16a4846275fed9c45f1885ca5accf52a50cf3d4c96294147cf2a7eff98e07f6149fee31fd4c6fbb22b5a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\32352
| MD5 | 0c10aeb7460c0b34f3f1ca97c11486eb |
| SHA1 | 09efd0163d28a4248af98c676374cea75c9ff6ba |
| SHA256 | f8f5a31455bb40b79af3be2756547c863cdda1ed66a68dc12e3d11ac3480baa3 |
| SHA512 | 13f0df4e777587b6838eaf199ad0bf2efa501a60de8a787c54a3631541f5a8f416178f3478839c0435ce42b5f53b95d21764a44eec9c53fed48106ab615d9fef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\1202
| MD5 | a4a2fdee6f17497f6dcd196fe5b27979 |
| SHA1 | ae248b4e82d266d4a2de5fa0380e0020afcc76a2 |
| SHA256 | 818c7e5b6175fe3a7e2bb82fd544e1dda5270b9b5c34e15436eedbe5d7d21b6c |
| SHA512 | fe0941579bc613e2993c9721774bfdf0b4b726a1a41a8ff7ac1c09f1f20b60e843ce941f5cac8c2d40de67156385a4c13946e24f13cc20100c62cedcc6d7848f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | a2fd670bcb603e32202dd91b728fc4ce |
| SHA1 | f7da6f0d9f88eedcc3f328129223c9a831487c1f |
| SHA256 | 265f3019a6b3075c58833abbd81d786e5771525ad36a1e1947f8d5b6a6bd5a68 |
| SHA512 | 40f48aab5950cb7424539d627180f1d7d7eda0d96235fb7202b3208a516a2ecdac44fabe58b0ac3bfc11e1eb55251c9cce0e114d87ba6f94853a54a0199c8063 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9770436d695b992f2b9b54bda60e10d4 |
| SHA1 | ff3652ec50b52f68be0988f09722993e1ef41718 |
| SHA256 | 1c803a51917678730123d0ee46e9805d2b792770dbe00f605540f5678f3cbbe8 |
| SHA512 | 1880bf6d707cd5158da4d96caa794859f210dda293eee00332be1b130d6063974d7ae9bfce4557ff6295f20077a225b947b4f3b29bb3916f40dedf349ca6a4b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0d2b7c80c0a319315e5d75fe0cb2a6ed |
| SHA1 | 433b18fcfc09a57eb0483d12249d58c99fc7f0ec |
| SHA256 | 47c23355d71d786ec6286faa3aedd64aed40a1024cb75c6bc3a2b528f2577e98 |
| SHA512 | 1f56c8d861ac7aae11d4bac2040595beb9f9e3c38e29af5f95741fd9ce0fd01432aea98c71b58dfc4abcb42135c0aa3c1abbb90ae1b8981c136c462aa72ab82a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a30116d898352432b5a4ca9aa85b0daa |
| SHA1 | 8a21b99f16efcb04730b1dd53872dd776816896b |
| SHA256 | 9d9491f71cda30420ccaa1051c175fcf07b24a3bcd78dc4f827c6112910abe94 |
| SHA512 | 9260f6f60caa1210dfc9466549dd73b5203d9e47f8a92e6768fda30129c44bd1bac89a962c2533f22012b5ab395fdaaec3802f850d000e4479a7eda16b8e703a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\2773
| MD5 | 301e9edd19cce283abdbea19a08d9fc4 |
| SHA1 | 9673213b0e11a13adf4d83f48da03d5d46de044d |
| SHA256 | a79e5ad7c6a9f08bd5de8d13ac5788025845b0f9da4f3175917b54f7fa4798f6 |
| SHA512 | f188b5d8db4a6283b5c0dbb8c06e6c67c0fd92de68368b6ecd970259c8067c05bd7f46a73e62511c4fb83833699ed392cb546216dfaede8dde2aa057bd9ea840 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9b08e546a3e82dc3e6682576631c6141 |
| SHA1 | b15d3efb1984e77a02238f0fc4550d86f834782a |
| SHA256 | 30e2bb6fbe30d21ab944c3688b10656b7c34f8a0323b29b98a8a012f6654e0d5 |
| SHA512 | 84565b0c5a4d47c58c573315678ccbd12b5e8c534f8c308a27f906b14e4fdabceaf98b1b91e11bb349ce4591cdc977b2a57c109076b57159b60473fd46fb39d1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | e80483de9ed19fe16dcdba6802e6db34 |
| SHA1 | 741d9d4c30dd8b20874cc33b73576de55b8ee723 |
| SHA256 | fd1cd9add89b288c6e9ba197c2038c44d5430b74a2092197ff2ea0086c5df03c |
| SHA512 | dd8a6ead2483a24f43bca8f2807f59270977445879bb339cd01a9bfd57c38007a715db763b42465c11479808e46fb3abb480a47fbf20b8f612466c9a12977c38 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\9820A04C9F7400106751A4218255253EC1E427B5
| MD5 | d331062da0e03f0ccdd7a9236a2772c5 |
| SHA1 | 68be193e9c90bb2ada2a58dfaee075eb9ecaee1a |
| SHA256 | 6f3284a9f6e2842f40d0736c8969d37a1b3af864a789b7c18dfc279b01ddfd4d |
| SHA512 | f7e4c61580a367a3ae13edac720cd6dfa3dca8da208a718538981df1aa1cdf23e40e46d0f3df8baabfc793fb8c2c07b5664456dfb138e5b5fce5f010cb74d3ce |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\0535CBB72AA412E5E545B805A22C9F04D42E7EA2
| MD5 | 1edf7f2772612a6c5c7c9a550c86d653 |
| SHA1 | c650a53d0dcf8cdd9acc13ede829298b8a66a365 |
| SHA256 | 7a2331b34e794441002c24cc8d413ab799a71a4dd46713f054f309f49167e65c |
| SHA512 | ac3c10713e3f1ebf574dea58aab51b81fef8ae8ebedcf9a99864550fbeab2bf1072012a4e206fd662649ea93c426cf17251d147fae3aab1fd90c1c21ee075ba8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\DE589E092797E960D49C246AC23629B8A53A2F1C
| MD5 | c6eed2da656c0f4b769a489a2292bbb4 |
| SHA1 | d70ccac9d3d85b7020c5d756aba87f9b2f650c40 |
| SHA256 | d5c29a955a75ddf762101e09212b747cdc12d3702f14119fa67825e055adc612 |
| SHA512 | fe801e6329b431a324a227248ab74296453f543c23b97f5912c81c3b2d6ac186759eab53d4e64afb49356faf1b67aae76f779694b9d4956d864f93602990b226 |
C:\Users\Admin\Downloads\ChromeSetup.D7zo1LHs.exe.part
| MD5 | ab9d202008f32247d31d272ea93471c1 |
| SHA1 | ac1935ca1e4c09f7f20642d1be44ab65c1585d72 |
| SHA256 | 0887d438f6095fcba68cc6299230bf87de1a8e14a163b1c4c91e60f218fc23c7 |
| SHA512 | 9bc4d513a15e7bd2a20bc27a304051fdbd94c7c04685196cbcc815d1094def6222f8e6c9055e06a54173c2a01c8b6fcb3a08aa6505dcff8a28048b4441e850da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3b3f35c27943a5219e5c6f6dc8714a6a |
| SHA1 | c3121d443b27bbd83164f901774a97fb1270db8c |
| SHA256 | 0a5dab9afde5c2fa70d47d78407cacba508a1adf037a6126e6e1f68c58017717 |
| SHA512 | 39227f0e1f3e04ff4a98078f3b9cfe63d69c2ef49057cf9a35023dfacdd6302cce3b23d3a9838ead03a18b0ff9dedc314d2b520ef9f456df89e57e6ad297a928 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 7e1015bd1b7c60c1b1fb4bf1c6195592 |
| SHA1 | 9d26769830527f83c852b39f38a944438f8a222b |
| SHA256 | 2d98d5302e4d55f173afb53cf343f60def02d803f45db863f1e7466306d76fca |
| SHA512 | 5677595fbdd2e918fcb8914ba5a4d1ea49d329a4293f3a2d8b2cfbc8e28050f37e73dfd8403a68c7c0a7dcf99481b4d0529eb72ce4caabb3b979ef5a18dc013b |
C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat
| MD5 | 45c30ce59a7276a68be3c493ce37df71 |
| SHA1 | 5c943faac062fef354a2f4977b69428f102c0c1e |
| SHA256 | 36935c5788cd295c5724f567fae3e3fbe295222b95ab546b349e7984489e2a55 |
| SHA512 | e74a6baafdc05e405498e30d12139f3187b7d74271c0f2ba0780ff2da0be950c192c7e8775aef647e012a7a11e8ad3f4c4e6fceaa6952ab114bac14cc2cf117f |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | c1923e4e37f77527879217984b072499 |
| SHA1 | fb1289b593178eb780c183bb54e1b52a1af3dfb5 |
| SHA256 | f2e37e22a0dc93302afdc10d5d76d8f511822b33a897fc035573462135002d9c |
| SHA512 | e876538a289e30f6ae14697d65d781d3725ac90d3a67d527f6a5e7ac94c915a6d04d109c0571d4aae51e7852d747d7150699016be84b3e261312fbe603f45750 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ef35cc7e9f171cf71ec6fef36b068a86 |
| SHA1 | 70bd44f25a6bfedc2ed81340827c51c2f8824f35 |
| SHA256 | b8f2043656ca83617076fce1907b5dbc94058b3368d16de7688b1beedab50a5b |
| SHA512 | 16df016daeb98466128751d5a62d8e48cb2f7af226d75a787b6fb76ceb1f90242080ad035d656a707819d740dc147fa7d549ba106b66c498107b17a022483747 |
C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe
| MD5 | 5aa8ebc484fabcfaba8d10170d0b4b59 |
| SHA1 | 522c14c36b2a515426b0a97c97d9a11b20605fcb |
| SHA256 | fcdf6ee87d81342d7949eb27d5716de504b0b0c7feb9ade2e24a4f83f2fc4165 |
| SHA512 | fd6f029b11908bf19532b4991cdd02a398d1be1bdbcc4b59adba2ae72a3cf3430b52a94be0b6487844b8b74b094aa91d1f514116ea14ae585ca65382f95c702d |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 1f7b3718d6d2850737a1db1f61a26f39 |
| SHA1 | f396f79bf1693eb4aa1aa59da7820cdbfcc91f6c |
| SHA256 | 38d27379d70a80ab5b8f1eefd21ce53fb959dd7de25db6a5ac5580a64c7a16e7 |
| SHA512 | af7fbd1ae460812f32fcb2cf180d9f4a7df71156fc54b95ee4e71fee6d3d203e3308dbfd2184dbedfc1403dcde8e91626337c0075b28e0533d972aea1a3f2fe0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b7623468a9cc2d803048c8a496902db8 |
| SHA1 | 0ffd9edcb3d5b9255e83e2891aa788a600e370ce |
| SHA256 | 0ea69abd79b4600af402796314f6801068e9507a2959e710dce4f7b7f9945f6a |
| SHA512 | b1a42197fed48333d71904a34bd285b95128aca41f69addd8088c65705a66b183c3616ea29422cc5b95d65ac68f7e17e75309b9e7394d927282be4d429e701ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 283604bd21336d9ba3c26a935c13f7a4 |
| SHA1 | c10e062ba71df430e410338d3649fdaa79abcc35 |
| SHA256 | a4427559cc865b7fc112fa2dd0936f323a763768c37321cd9fa72e6a526e3940 |
| SHA512 | e40852a485acb10c8dd23716cb756b0993b32565aa3652a8bbcbcecc852a26247d44282974f2355b26acf6a7d4895ea35b0f3bf31d02b54d453f61bb69d00b79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | 505a174e740b3c0e7065c45a78b5cf42 |
| SHA1 | 38911944f14a8b5717245c8e6bd1d48e58c7df12 |
| SHA256 | 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d |
| SHA512 | 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Program Files (x86)\Google1296_1078768204\UPDATER.PACKED.7Z
| MD5 | 966d844579bca7fb789de9d3289774b5 |
| SHA1 | e250f99c09726efa928302ea75aba6b3c825b9a8 |
| SHA256 | 90d55dfa83d4a7fdcb0b53149ceb0c2361e5a41bea5074649e3d5a109b6a6031 |
| SHA512 | 05cd96b18a9711917e4d8e2a1938ce68ad3ef1bab7a5e5ef3ded1090f7809b58c6b829120e0ee7498e378a9be05c1ac9f6c67713e9aa6f58edd6be8264140cdd |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 8cc185bb65ede15b1462e84e327efeaa |
| SHA1 | 73d1eeb6e16ff02e2283b8df627136d4c9d98c61 |
| SHA256 | 96a0f1df55e3ce143377c9915cf529d6ab8b9b6ef7d3cbad179895b30f947faa |
| SHA512 | d2027917264b45352db99676f3fccd83efec8d593a8fc1df2dce076a60fdddc8ed834a37cf5c11afe6bef3867138813ef5c627714c956092f1c60fc8500b19c1 |
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\SETUP.EX_
| MD5 | 427a22fb95863124359729460e226105 |
| SHA1 | e6fd00c0b2baddd938be8693a2eb57c5f9f13340 |
| SHA256 | 95bb349fa4e1049bd61d820a30118f7e914a934ea54c152538bdaa2446f49019 |
| SHA512 | 777e57a7598d53a5dffb2e620ace2678964684b63291375d31864d07f2490e01af1db0fdfda28835ae4b5b40e1577dc766aea04557c52ffa45299b342471e55e |
C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\chrome.VisualElementsManifest.xml
| MD5 | 9ed9104ca957d79d5defba46daa09340 |
| SHA1 | 60b4e7de9f60fd1f1de45693c5972cd938755993 |
| SHA256 | 4a4be0d75e252dd5c71e775817623623dac79dd8bf72c50de978a045bca17680 |
| SHA512 | 8664e939bde0b9759b5fc57f7487ad5418c7334516d65de164a6ec67b9b6c4539b53d028fb8718f73743d5db455fe110dd0fdc436ef8e3e153af4401a83bb96b |
C:\Program Files\Crashpad\settings.dat
| MD5 | 2092acda14eb142eb6e4ca599ede8f70 |
| SHA1 | d3a24c268f37f8edec0a19b2a884bb012926e653 |
| SHA256 | f6bf3bcb3a571fb334bdf485427938eb02843b9755680551a8517f9631b4611d |
| SHA512 | 91141f067708f2441fa8803338022028aa545735dab313180962f8623c8e2ce0e0e13301761f245bdfd023b7f4c61b36312f45b9a7b68f97b28d25f197101298 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 34ccc6ec1e905d52a67c5c21253291e6 |
| SHA1 | 215e7be4f18896e1833ad4ae117f28c30a3ccfd7 |
| SHA256 | 3224c82bad539c4c1ca5f0f5adabfcfb81cd7908820e3fec8e603b0c1a3f4c70 |
| SHA512 | ebf834c287f4a7ff3011590d9229da2a6a3ae394bf1379e44bf44ff8cbb987dbb48c330a2deca8ef12287171278a064764c3495b84601fca2cf6a7298d5be683 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | a3bd8f0ef58940a10852afcda300b554 |
| SHA1 | 7e45aad1fcd5e7cc44d030c31b8804315d6e7e5a |
| SHA256 | 18e87c0c68f6c558515fb9b25c20897b32ca3bcdf76fc1c9e6dd752699e65363 |
| SHA512 | 5582266d6ae47f1fe0e5be383463f1d1f3f40515468f0708b42dacdc86e9ff6d2ad52977e316354a425dc3fbba549e1b39d6c97d3e521e673454e55b5e9552b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | c86640aaa33658aa24db5a9e946108b5 |
| SHA1 | 42a8819c961a6db7e165a84bab0781ef72e71d81 |
| SHA256 | bad1ea3662cf7bbc1c20e838088b1b20eb1cdc6060eff54f7513c67a6bfd0717 |
| SHA512 | 5fea5255ffee9a38d99ff112b0ccadccc5c08458ba90d91655a92bbfdb83d921188bd1952893c934467d211b10e6b9f89ae8b4a5fe1a3db1124641f86897fc83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3acecc029dc30b480eab21d7158befb8 |
| SHA1 | 5d545e6ffd38eea9b82938ec63bc71caac2d5f67 |
| SHA256 | 7d0d45fe468b177ede00201839a5a8bf235efcc985024ccab34b6e79e525b60d |
| SHA512 | 615fbb35546ee62b52926a181ae98629943a319f077b2c77954f9e5517f10127b3f29a6c9db1071efcccbe0b41c0574d634bfd2dc4fde4b4cc5db083e066540f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | adc7815c29435cda60dbd0635272bca3 |
| SHA1 | f4fc15570c66aa144da327d547e9ab03307cfbc3 |
| SHA256 | df39568e62b91abb1464cc592bef570dfaa296bfb80125df9d5b08c4e6efadbc |
| SHA512 | 77dfa795ba0e0b4ed420376121883221209e3d1b89ffe1476c3982c10a8bc37450428af0a1e1f23a0c253620bed935274da84fdf7a83bcfc8f0dbe0f76cbd688 |
C:\Program Files\Google\Chrome\Application\SetupMetrics\e37df3a2-558a-4bcf-ae2b-8c49c8da33ae.tmp
| MD5 | d7bdecbddac6262e516e22a4d6f24f0b |
| SHA1 | 1a633ee43641fa78fbe959d13fa18654fd4a90be |
| SHA256 | db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9 |
| SHA512 | 1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2507dd1a4109bb2d8cb2e12ac2ee3207 |
| SHA1 | 22f594c35f88ea0b840c90d84f8bb3994804aa9c |
| SHA256 | ac57eedcd3374818759648d74107a5bc39104302bff928695d9c6684e2f9727d |
| SHA512 | 1e049c8d460045b63ed2efef1eaed6297aeb221c60bb03f60199ac354f3c589ac5ae095059d46ee5ad289b8a46f0c96edf298fe5f41bbf5fa022eb8598ce7996 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\20d8723f-0ea6-4794-a67e-a7a442590d38.tmp
| MD5 | 3433ccf3e03fc35b634cd0627833b0ad |
| SHA1 | 789a43382e88905d6eb739ada3a8ba8c479ede02 |
| SHA256 | f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d |
| SHA512 | 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a5c2e03336b593595aec93c5eee90cc |
| SHA1 | 10e47a8b7fe15f7dbf165cbc62e624fd4257884c |
| SHA256 | 8f7779cfd673aa153e3e9ba245a85689550cf4913cd6974f1b34a448eacf3ab6 |
| SHA512 | 18637a3b293651e2b43cf75d2e20b64c290b13abb1ef4cc6a041332517fbb0d5af4a5f0a6edc4f101602505477ffd6c40fd5180b6dc05663491bef0b87bf43ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9c9227b72be73a7e3d81fd19be6e240b |
| SHA1 | 1e84606af7d12b51706108fc492b0beeb270834e |
| SHA256 | aa06a5d8cb7da12658e482daa228b49652c9afb8ed649db27e6a17209c27df5a |
| SHA512 | 5b28ec15c3787e6541c4235c71152855c930dc7c7915a30c644ab86afc2e3f064fd9214b90c554b7db45a95d4962f80e2235d8629465663dc2aff4da7853bc07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 81884f9522f40bb65a60dc0e1c0f0f8a |
| SHA1 | d84d13538e693517cd9fd3c0a537be2847032468 |
| SHA256 | 94de3e9fc5ec6abefdd30f4ea718c79a20c2aefac1f0e7b777dbd99c783f0e3c |
| SHA512 | 390a601bb2f4827f763eb772a9bce7f4e6fb2a05546caef57017adf064bd83e30dee6a368070eeb46234bbf49ced4478b95be3a79d1007828c8f7e56587d929b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | df898e9ba107d0aa4adcd35f75332717 |
| SHA1 | 2bb23752602bc661e5b512c15c7bb6f19f93c800 |
| SHA256 | 63977bce3f73dbad859bfa25cb9f5835eff170a5253c391214f1ee25de474c17 |
| SHA512 | bc427dad883d95a636a0e8b146951e82f128bdaabb8dcf8fe9bf24d365b99b2dd09bb9dffe0314ba050da14b3b7008ccf152076437b53ad42fa5f7d5381c2116 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f3997b95f7c75b323017d5c891c1e615 |
| SHA1 | a023a58402bf75f0dcb4171690607592df5145d1 |
| SHA256 | 1fcc6d3bae396947b4f5d324b6dc93d9a646f9ebbe8656e0891906759afaf7ec |
| SHA512 | 7f4ddef5d749573f9d4871f5c3a70376c832dc7f830e857ff5723033451fa72e7aead521e22386df7572fd20532c7dc1cd520480e728aa15c1b0a84cc72f7aa2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 2257803a7e34c3abd90ec6d41fd76a5a |
| SHA1 | f7a32e6635d8513f74bd225f55d867ea56ae4803 |
| SHA256 | af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174 |
| SHA512 | e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d383375c92212fd8ddeda4a3710f2fd5 |
| SHA1 | c47aee73b2c8ea5aba07d23a511525356f30167d |
| SHA256 | 0e3867176f6c328baf4b2ea7a33efdd7cd56a3e03fecd990ef542c224d0283f6 |
| SHA512 | dde41aec462a06d83a8f4f167e4338a4e6e843f31de919a5d8d979ebae0bd491514d0d7d7b92b4f0f3af64bff25d5795be4151fbbf6734382f205d1dc5cc9212 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 57e34259ff88102472ecb60f7e5f566d |
| SHA1 | fc295ae9de359a0c59b685319918a6633f65d12f |
| SHA256 | 60386de37404047ba3fd533ea5feb079de5805a0c00cc44bcb93eb5c75705f4f |
| SHA512 | 209f7a384127391c45b51ff3185f4440c3d99f2675f46341686dd46e9ba1e0c5ea8a43307b8b2f7607584e74d6400d9883bb6db0f6f2c6235059384210fe14dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f4772e2caf33b5b48f9bc72064c2cd69 |
| SHA1 | 8aa5b817f061a711aa4f372db3ad613060f34337 |
| SHA256 | b213d13c9dccfc9e8cb3f48f838802750cc962117a4b177c582d7006e431d688 |
| SHA512 | 30dea2fea2067ff4ea242a47988e6b96c3d460f00118a46fe2c32a5a9f4f51597bd83cb9f1f55655da54cc541aac204e50f2de8224a7733a5db6e77d0633f23c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe614eac.TMP
| MD5 | 7dbfff9b5c30cf50d267c2803f4e8ce5 |
| SHA1 | 904876986e3878b05c0420a64f0cf571242db3e4 |
| SHA256 | 6ad685f109b69506313eb71294a5e41952545d6e89419935d8989db530c97c97 |
| SHA512 | 27e0065414c0b6d5b01f247eeaa9dc80df2131f349d10ea27a1a575b9dd807c407773629209395c34fa294831f3bffd5ec1b345b2a8ae0d1fca3f836358169ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fa36e0383c76bd6f17b8875449e221e1 |
| SHA1 | f99c9290eb34c4d0b4c4a82f4da3a1c047a0e69a |
| SHA256 | 2dbb56d0528501e9f6daf0a3756e5b7f2a986c17cf1828aa0df6e76f1d81ac72 |
| SHA512 | 72c69a3439aee198595c1d7c109ccf8fb9b3ffbb54fbda0ee2be6b86b5e4074a3227fc6534f5ce245f0bf0f2872aa9d310b9a5fc2ae8aaa772b78f00fd5ed1ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 756dfb5087aa5864a54ad41fde14d545 |
| SHA1 | 27a9552948a246a0699e657d22a959f843223a18 |
| SHA256 | 0023f4267519494bb2df0934f5f606f9f145531a6b9ebab97d443e3edaedfc46 |
| SHA512 | 9b902a2b5f562937100a3870eea70d801ddb1f3cf5e2297559c6163e60eea75f15f7d4470f125969bef4256a209fd9c06036eef34ab4a97d4ce1707c703b7d14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4bc84c5ee8c64521fea3e34be5afcdcd |
| SHA1 | b29ca3877b3f8b51d14d96b174cd4376d84b033e |
| SHA256 | c57e0ec6ef0a4206aeb9768a68c7bea82859fe0931a67cfdd7c46c3911b6c295 |
| SHA512 | 72baa16d946b72c6050827550694d4a7b29d1b78fb8d67098570b6268f900dba4cebc514cbda9345f21274eb84dd079428186de11187c687af9a4ebc2260348e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b70ac81661b1973953f7886bb92b4ed0 |
| SHA1 | cfb9464ebaa9876e834583afec7494531c0f3986 |
| SHA256 | d3c1c6c6f45aacaa4b4430dfa4246fbafae06aae3e49ef4d339ba733f2cf3e84 |
| SHA512 | c45598a0eaada12f318b36fa4e4123a878b1862b2bc6ffa69773b9ebe7f2ce95c2c0c534250bfa4080193c1e7786023ece64246eaa200c4be46f162cadb9965b |
C:\Program Files\chrome_Unpacker_BeginUnzipping5760_1428894502\crl-set
| MD5 | 5c89b20564ffc49b9b2e275b99ed084d |
| SHA1 | 7f3c1d1f3d84eb7347846316d81601a582f4b803 |
| SHA256 | bde55ce9ee32cd827e08415ffdfdfe8c87b1e68c914ad5aa242d2360ade11c66 |
| SHA512 | c985b3737f4a35a9a26b946bc8309be90b08a0e7b979d3d5ca7a322defeda3ad202be5f44169299be99c3c34733fe82c38df4d3673bcae1ba4460cf586961734 |
C:\Program Files\chrome_Unpacker_BeginUnzipping5760_1428894502\manifest.json
| MD5 | 76b7226ff4e1205df14e60bd388f9c1d |
| SHA1 | 0f053d9e479a8af0c77b0d9437747d122244dbc3 |
| SHA256 | 417a5dd6b49bb065530921626ee70545c6fa1671b2c0dafe14b8d1be6cda771b |
| SHA512 | 1fb56a033fcc21967555c0ef10f7a0dc1fa8d6ef48516832ca22db569e6488a5174e46c3fb3940823668bced411d560e6b41c9b094cd7655ccbaacdea0468927 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 6a8b0bd2a39de434df63c637b9e323d6 |
| SHA1 | 76297e6aca3b34ae66a52037ee945868eec8b6ef |
| SHA256 | e97bf5370709003ce74637a8d54922c9a0cbf4fb1206a986bee9d058b1016b86 |
| SHA512 | 1a7e47547b5f301562bcc6e38db515cddbca71fc15c1f2e83ea2392bb9b377ea92cec3c876c4fb169716c1d720be1608133e73aa5c23d15578fada92f2d8c392 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c9e29abdec388180b0f11af9f9745463 |
| SHA1 | 9bf770d335d37e302c18db7cdd6e743f296458a4 |
| SHA256 | 5c6ccd00b388b4eddbde1d9fdab5094efe1faf0fb45b018875c0f320af84abd6 |
| SHA512 | d338a4e81fe5bebfc03185f30f9b9c2d98cfc1614c85774521cf93493b301029f28ad910ffc9c49e48cd7649d64bbcbe37bdbf1a00d8e8fb0e32715d52cf4a71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ced08be5f81101b319456c621f217c00 |
| SHA1 | fd428ba2b1e9711abc0f995fbb34d0b7c14e08ae |
| SHA256 | e0345ec1dff95c30a4590850d7864eec58c9f15377d311f01427b02d40fc57e7 |
| SHA512 | f2af05a78f35fe35c2d1a7aa80dec8832a7a131aa9f5746cb9fc489c56e60ee166967389e293f11f3b1f3b8de64f6f834ff2d8ae1e7f6fa276f8df64eaaf1c84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4c0ae33f64eeebfbd63e8a17e4003ece |
| SHA1 | 444ccaaef62f3a56e7ab52792143cb5f5ed5b487 |
| SHA256 | 8c78d871ab4b710e37f7a5a59c81560d7a3d4d0fec352a42c544dc6e762a7543 |
| SHA512 | d590db260e174678dca60db1106630138ef7f8589231be0cafd6bdffea22ef11005da3ea221f36595f8f11badb19501274d73cc0c94a28364956ea687cf710ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5dae04810f872f4d74a61da95d3e160 |
| SHA1 | ca2478809c4f702dfa22e63dd0aed123c3e76aa6 |
| SHA256 | 73bfc157a0e16c862acbce927cef020295300e486431e40394d6fddc3d5e8f61 |
| SHA512 | be04c5088577ee616e71fa8188a62106ee4bbe753df58dcf429b006d1b68ca359921393e0f23d759dab52771dae421407d27922e0927788a89fdca5f43e5a2b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89b067f17e78f62431dc45372e321b95 |
| SHA1 | 1ed505f81ede86a277d7836e7b94da5f1e28b9c0 |
| SHA256 | e123576820f6eb76da194700cac8fcc31984a2fb8afaa32093e681255e1476cf |
| SHA512 | 5b1c4ef4c34cc44d6c7f40da41c718cc412c797bcf26c9997832ef7ccd5777b91e7d261411948473a1b1bf036768bfbcaea1f06784975e5e48379540ccfbb70c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0152cf7e1c8a98e155841d621d4ff95d |
| SHA1 | 8bfb7f5610f9e3e94d7366908948db303221ead5 |
| SHA256 | 3383f5ca3787e3d7c0a60de92f6841eb9747a636139212ea7534b9f62fe13f2d |
| SHA512 | 8d30171195395fe1d4aaf9a2c2df7a5703f4f192e6dcf6541f2b13f98d468b7a2b64c1df92fbaf3e5e1c88df40f3a65abea27c0f1fa6946b25fd7e7ceb8b1269 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 964ecfeb4c78d4a3c897c472641e9e2c |
| SHA1 | c26f13eb5e3b9775eaba2f30fc0ba8c85e75b195 |
| SHA256 | cb4a39ecda4c57bb1f9f8880dfec08f1d8ab2f28bb0deaa6df5f4e9c389be6c3 |
| SHA512 | 1e4939a90cd69317b840da9bba3ef047efc5c9aa8985f142a47ee6b5f2ec22b1cdfff8f6c388b5d6ad8cb096ed161cb4045aa94cd69b4671c21259ab19804620 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 75d88a69ad89e2873ecd599f5e2daa31 |
| SHA1 | 173566bde2309557e31efccbdb12a49cf89baf51 |
| SHA256 | 2d9307e90c1acef52d9a556ccc483c92ec78739286cacded24451e5ccad568a7 |
| SHA512 | 0bc8a44b69ed716da8b2e809fe55bbf0764e232f13a362c94a858d5f7d10acdd6a20d2d49ace44cb2409b499f5163253449efb40500b20564d42f12a1beb8082 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | a2e8d9fc4e68453c022e45b673ab278b |
| SHA1 | f16041e604caad6a90ee7adf75dd314a763caf44 |
| SHA256 | d7e0ae5c23ef6c4ce34159796fbb64f9079dc72e2eee801259a32933be2ff58b |
| SHA512 | 4da1b3ee6b65d985a7f0807f8376e6d9cf963cb15f1e1fb096620db247db0f71b7f81adf0617547e72232387c4ea40f487c04ac6d979e37f1e880cd54ffc755e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 31f664d9cb3c9bd0d888103d03798989 |
| SHA1 | 30e97babbc19658208b0be1507b5b484baa1287c |
| SHA256 | 0569aeb55ddb614861c5b9a1242d0bc6f630da312b959ffa94cb55f8ab8f7128 |
| SHA512 | 60a1c36f75d27a34b74c097cb67627b4325836022d589b18ee6974bb5d9cf8be122d5395e63d9ff9ec8c667637b0dbd05af6abc433615247b5ac90fcb50c009b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cb56362eb9097b527c3c5dacc470e470 |
| SHA1 | 7a3add11e8e1e9d3fec3c48f1f78a451e9a8d91e |
| SHA256 | d2c20d10130ec6a7dbda525e4e61cc420e87f47943d0d8bdeb0d8ca3d21460cd |
| SHA512 | 1c147d510c67f533d35be1275e30bc6f9617d23525b9175dafccccb5b7309552d41f927ae0c5975f6da372fd8facbcc48a243c717ff5b9de48f00e6080df2e4a |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | f22a975893716f0bdcde2a974f647029 |
| SHA1 | 6592834bba27d29448c9c138c144ead944fd0d36 |
| SHA256 | ddb4d5d544e97e7361fce31bb8b6b11477e00bed2d105bebd97f30e5826fd244 |
| SHA512 | 6156c0a956ba8d00ca01e1663a902c3520325473a94371df0e429e9ae4628e266767cd65c8d14ce9f91d7ebd264a1134cd0288374df375c2e2fe938a93ebce17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5394535f0bfd85132bd1684f5798d3ec |
| SHA1 | b7da1059fcaf98f1864d50fd86286e0e61b05dff |
| SHA256 | 47a178e74e08a9be89f0c6a2f1c06484175b3e4123fc948422d9c82ded1b6300 |
| SHA512 | e52992c2bad1b498d78a985af12967896f82156c5c0eeda80f4c94a4c0a7453949bc4c12c61d34cff58850b1bf7e2a260708fe1276c7cdf478e9199cb2e56c3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 16e30a1f34c4c82e3c40786dc2c84449 |
| SHA1 | 7544252abc5b358679b18d6755f3b802d5d23574 |
| SHA256 | 2f429755d404da5f3dc7e69058d96453917ab11d91ad808651794bfb356ee294 |
| SHA512 | 5bdcc99f804e1f1137ad3286092440e4924b9ef9927050492965e41035b501a4cc0c59fc031ea8c76cd92d0d84a6b3a6b96efdc1e3d1c05bd66e4b2e9acf624c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cdfac2dcb777ea5de23dd9149962d58a |
| SHA1 | 80e7354d77b3a40471b129d449522303846749f5 |
| SHA256 | 20cfaee00162fa0516c959451c3bb554705c04be274f7f03a05d2d4f2b09cac3 |
| SHA512 | dfdc3ff43bc1dbe8dceb08e23955138dfc5cd31857e5a36b7d35afde7695668ebb8a19836acf654107a19f985a76ff5343933d5deff5654d506259dcb25c3721 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | d33c4fca79f7eb05abd63704be43dea4 |
| SHA1 | bf01aab260f23c754be003faab30a4698d8c65fb |
| SHA256 | c941ef334ededc3c14815fe942bab2706aaa2172f6254cc39fc41a790208b5c4 |
| SHA512 | 433b59d8751a76cbc72f25bdba8394dac0a575a9484aed2a4181c4eb55cc30455473be75f424cfd33cb7d5c03d93d99722c50ecbf3be1f9eef6d99c963e0663c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 49288a332862038d724fc679fbcaa4f4 |
| SHA1 | a02e421c44b7f2313c41496826ad32bbe4d3bc58 |
| SHA256 | 05c4f8d899ab532941d269371d6cd195ed0f8095bb87d7f281f40fbd99dfda7a |
| SHA512 | 2cf68ea93d149e52424c385f52bb8c8f8b11918d68c3f366ba8cc146b45cb9520f5ac8adeaa221b2c83253dcb31f87e7445a60ef455c17ed3a8966e36e8c16e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a20d74ce-a2a3-4cc9-9a7b-4cbdbf71d590.tmp
| MD5 | c819456b786dd60a4da4e71f36d72ad2 |
| SHA1 | 5c67fc43d354fda7b8b6d29858e6fdca05303b2b |
| SHA256 | 9904e4d0bc40097f7f34f8fdbb1ef5faa88c7ab34d87112b8c43f3416f2e647c |
| SHA512 | 8ea926c2c6a994e9cfdc26640ed0d3494975058885f7d4515854b1b5cdaf60fffaa49cfe293c866f6a0de7265007339363a096c071c38efd479226c82a4a3aa5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9643879d34f3b736c39c65b8d651030c |
| SHA1 | 57fc51ca9a0f802be77387e3b01c8ac4867362b4 |
| SHA256 | 176d968ce9b0ee68f06ac4a82a76dc1e5871b70ed7a37982da211d2165a051ed |
| SHA512 | a224980b11fee5f2f47903ae98dc947fc6741236718b463882354c50c77084310c774ee5b95aed44cbe1f82fa06b59b03125c843f32b854a401defb86105aed8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ec8e7eefcbae1a72b9b54f14c4835f56 |
| SHA1 | 6716cc1d9eecbda4a5508bb533deb5a080c3514a |
| SHA256 | 30df361721a6f6b16e26a0a382c7c1165083f073eaf886638d56148827c40512 |
| SHA512 | 1ae32da83dab311474b2bfa0d41f62be50888ab029ae2b32c1376d9c36b25f5999cf9024f4de4d8ac02f0b7c04b89939f2877c9cb674fd44beba289c5d45c783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cfef54ca42e6aafcda4e6a31a505d78d |
| SHA1 | 8591cbcd4f0af9064a9d4ced7c4ff6970965b31f |
| SHA256 | 39cbee3301be073928f30de7fdefeeaca81adc942078dbdd4ddcc9968a680d7c |
| SHA512 | e657f4be4d4d261df7ab4cea77237c2425cd802ce82454038f8ea016ad5d9296f261d39f1ce9b8c4ddb9b2d01574e6e290081ac88ffb503ece4acf7900ccc022 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\SDL2_image.dll
| MD5 | 25e2a737dcda9b99666da75e945227ea |
| SHA1 | d38e086a6a0bacbce095db79411c50739f3acea4 |
| SHA256 | 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c |
| SHA512 | 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\SDL2.dll
| MD5 | ec3c1d17b379968a4890be9eaab73548 |
| SHA1 | 7dbc6acee3b9860b46c0290a9b94a344d1927578 |
| SHA256 | aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f |
| SHA512 | 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\SDL2_ttf.dll
| MD5 | eb0ce62f775f8bd6209bde245a8d0b93 |
| SHA1 | 5a5d039e0c2a9d763bb65082e09f64c8f3696a71 |
| SHA256 | 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a |
| SHA512 | 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\SDL2_mixer.dll
| MD5 | b7b45f61e3bb00ccd4ca92b2a003e3a3 |
| SHA1 | 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc |
| SHA256 | 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095 |
| SHA512 | d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\_tcl_data\encoding\euc-cn.enc
| MD5 | c5aa0d11439e0f7682dae39445f5dab4 |
| SHA1 | 73a6d55b894e89a7d4cb1cd3ccff82665c303d5c |
| SHA256 | 1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00 |
| SHA512 | eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\libopus-0.dll
| MD5 | 3fb9d9e8daa2326aad43a5fc5ddab689 |
| SHA1 | 55523c665414233863356d14452146a760747165 |
| SHA256 | fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491 |
| SHA512 | f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\libpng16-16.dll
| MD5 | 55009dd953f500022c102cfb3f6a8a6c |
| SHA1 | 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb |
| SHA256 | 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2 |
| SHA512 | 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\libogg-0.dll
| MD5 | 0d65168162287df89af79bb9be79f65b |
| SHA1 | 3e5af700b8c3e1a558105284ecd21b73b765a6dc |
| SHA256 | 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24 |
| SHA512 | 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2 |
C:\Users\Admin\AppData\Local\Temp\_MEI54602\pygame\zlib1.dll
| MD5 | ee06185c239216ad4c70f74e7c011aa6 |
| SHA1 | 40e66b92ff38c9b1216511d5b1119fe9da6c2703 |
| SHA256 | 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466 |
| SHA512 | baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7bb39b89ffee9b607985b002c4b6b393 |
| SHA1 | 68352f6fcc28edc20581e3cb5c4617891d2be5bb |
| SHA256 | 0972351fcc3624daf654a52ba8aea7c13cb305a57320f86e96fc3a99dfc1375f |
| SHA512 | 2411c33c6b6e3f1876423a3fe0c0efd378293aee9d843ffaeac975cb777e6d557bfc1cb707f5c613f10761027594f8031bd96d4b1d91c51fab96d13e844dab6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 422d3b60235816156e0b48d3cc8136e1 |
| SHA1 | 79108cd456fc6fcc38a67d8570d46544d0ce4973 |
| SHA256 | 351c563b0edc0cb9332d48baaa9223d196aea5e41be0d7952a7f91d127417bc3 |
| SHA512 | 1b5a356d79a14d732c43c4bfd004a445d51d8a9015702476a1b3a95d3042b1bf46e3e818f44e50aa8315496084a5bad087670482f6ceb977a9ea75740171ac4b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt
| MD5 | 3899cd46c939abe03226209960bbfbcb |
| SHA1 | 4f7ea0626d22b87057d6aea6ff9045289b31da58 |
| SHA256 | 3e7e06440c99ed527fcb7f6df05b2c6e0ddb8d02e6305f851c0984693d792ada |
| SHA512 | f12ff2bbd624edbca50167873f3dcc90139eb6fb6f7dd48f4a732e3542a4ad650a157d462841747f72eaae15cdbb49752ec65c46d27901dc0bb75cc21b3a3d7c |