Malware Analysis Report

2024-11-13 16:19

Sample ID 240824-ssrw6awfke
Target EZLinkvertiseBypasser.exe
SHA256 4c7575f1dd1fffb58930a6ba3bf1be00db939220483aa671a5441d3421c7469f
Tags: agilenet, discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: 4c7575f1dd1fffb58930a6ba3bf1be00db939220483aa671a5441d3421c7469f

Threat Level: Shows suspicious behavior

The file EZLinkvertiseBypasser.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet discovery

Obfuscated with Agile.Net obfuscator

Drops file in System32 directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Unsigned PE

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-24 15:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-24 15:23

Reported

2024-08-24 15:54

Platform

win11-20240802-en

Max time kernel

1507s

Max time network

1790s

Command Line

"C:\Users\Admin\AppData\Local\Temp\EZLinkvertiseBypasser.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\EZLinkvertiseBypasser.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133689867890056353" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3724 wrote to memory of 3764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2492 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3724 wrote to memory of 5700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3724 wrote to memory of 2648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3724 wrote to memory of 4880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\EZLinkvertiseBypasser.exe

"C:\Users\Admin\AppData\Local\Temp\EZLinkvertiseBypasser.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4944 -ip 4944

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 1424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4944 -ip 4944

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 1424

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff24b9cc40,0x7fff24b9cc4c,0x7fff24b9cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff24b9cc40,0x7fff24b9cc4c,0x7fff24b9cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1784 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2192 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3580,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4832 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5092,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5104,i,7372201940271546724,1809596594040351553,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1860 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd8e6718-4269-4a62-aa30-ad8dda48d233} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2336 -prefMapHandle 2320 -prefsLen 23636 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c088885e-e1fa-44d3-af01-cba0bd04e702} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 3100 -prefsLen 23777 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70cb7131-0fbb-4d87-8c95-740f7586c846} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3300 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c2e69d2-dca3-4d29-accd-be2ae75ba154} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4860 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7c49435-9628-4365-8856-faebcee95bdb} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5348 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c7422e2-fde5-41a2-a4ec-48c47a34f697} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e8779c7-2e61-4145-9fac-7b4d173a4e09} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 5 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dd1e49b-8cab-49c9-be29-80d5a807a61a} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -parentBuildID 20240401114208 -prefsHandle 1468 -prefMapHandle 6072 -prefsLen 29064 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8137705-84c6-4bd0-806d-1b4180723862} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6084 -prefMapHandle 6080 -prefsLen 29064 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {260d9889-a7b4-4a45-a3bf-24e9b81b3985} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6488 -childID 6 -isForBrowser -prefsHandle 6456 -prefMapHandle 6480 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e208fe09-ed7c-4030-b271-69b48f97aee6} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 7 -isForBrowser -prefsHandle 5424 -prefMapHandle 5412 -prefsLen 27068 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ccbe9a2-6153-43a8-859c-a8365d3ef9dd} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4824 -childID 8 -isForBrowser -prefsHandle 4788 -prefMapHandle 4800 -prefsLen 27307 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38836745-b64b-4509-8234-309de24a7ef4} 5968 "\\.\pipe\gecko-crash-server-pipe.5968" tab

Network


Files

memory/4944-0-0x00000000748CE000-0x00000000748CF000-memory.dmp

memory/4944-1-0x0000000000E00000-0x00000000015B2000-memory.dmp

memory/4944-2-0x0000000006770000-0x0000000006D16000-memory.dmp

memory/4944-3-0x00000000060E0000-0x0000000006172000-memory.dmp

memory/4944-4-0x00000000748C0000-0x0000000075071000-memory.dmp

memory/4944-5-0x0000000006070000-0x000000000607A000-memory.dmp

memory/4944-6-0x0000000006080000-0x00000000060A0000-memory.dmp

memory/4944-8-0x00000000060D0000-0x00000000060DE000-memory.dmp

memory/4944-7-0x00000000060B0000-0x00000000060D0000-memory.dmp

memory/4944-9-0x0000000008F80000-0x0000000009644000-memory.dmp

memory/4944-10-0x0000000009640000-0x0000000009AF0000-memory.dmp

memory/4944-11-0x0000000006620000-0x0000000006664000-memory.dmp

memory/4944-12-0x0000000009AF0000-0x0000000009C32000-memory.dmp

memory/4944-13-0x000000000B050000-0x000000000B136000-memory.dmp

memory/4944-14-0x00000000748C0000-0x0000000075071000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 75bbfba3c4597dc9b140d9908f9bcb04
SHA1 58aecb6e58ad985e77927c0174aa5543eb0184a2
SHA256 5221e57ee588510b40948ee4ced949d7775caf8ff19db1e5492567cb6ccfce19
SHA512 48f17a2268c02f25540a0038baa1d73733df018e1f5cf709227c9ca80be16dad24563ad7cd8b02b87189fb3df1d0b15d6f7ca8aa66d39a4643bfd91cfc2fe5a4

\??\pipe\crashpad_3724_BSJLMBMFSFYMDEWN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 52cc50c9178dfe678d7a060c3ba768b3
SHA1 702b7998f423be7d4c067d736f74a4edd8bfa901
SHA256 2516d09628a3564e0a3bd6ddf3306006930980556300528f50acfb8a8dc9b7eb
SHA512 2b2696fefdb5aee8ccd4037a5c5e35e7d3f82ac995228ec4ebbc3d51c342c45bf7883dd0a67adcad334e7261efc980c474c1c3fe2a6f287214cf75551096d6b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 71e84aa07ef4daf5f3dd8c8d38ed4659
SHA1 e9c5b32226b2cf5eab629c3197b1452a880de39d
SHA256 007fdcca712a6a011b6454938767aeaa469c5aaddf1fff70484dbff7b6290a5f
SHA512 8bfe1ff9e3a1142f913b2d3b858c30bc72c27cae91c0a3e359ab525f47325028cbd25df8fd3633b9bf0c52cc3ff3ca5dc7077bc5390b569f0a2aabfb0f300daa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20e0e2ede16ac18b340ad7520213906b
SHA1 4df1d44fe56a7222bf9ff9d65d2a06d67d04cb25
SHA256 053437c2a4685a16d126a7dee212ef743424d601dec99fa56d7f3cf9fb7d38b9
SHA512 b6d00cbe7fd63526c9ef159a14e304f6d3e28a2e312a244de1e4d900315d6e0a43b3cf1eea3d94d78699fbafc8cbba08580eaa7faf3ced70851c21053ced2c2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ffee8d59a1215570fbf7c1554916e338
SHA1 f1e17ac8e66c1a0ced67f5ee180943a6be7e1432
SHA256 5ca49619885bb106f340207a73cf5fb430b0857930eaa5b9a3d07419de23e5cc
SHA512 5e9ef52e37c5eddd1e570e6f5e8c56a84bb932e7bae4bcdeaa9b9dc8a54d5bca00871bd2bfe02149565ad5cbd1a62af064eead1af610a609cd3f2c267926c1e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 f83482624df1a32ee00a3be0452f23a7
SHA1 fcd699ba7516a3e56cff36d5e42a7c3dae78bb02
SHA256 aa0680800fdd92fb981918435bb94f8ee623c30a94e2deafce9c149302fbe00c
SHA512 aecad04ec305aae64525bbb963eb2bdc59b2b2e542e169cbb92018b0cacd490567d22f55a1fb25dba88299f4f01abf2ddb58d235f7576fbd405eb9fd2e50f26d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 76f66ba89fe0d246962a84cc3ce3f895
SHA1 98b0825dee8f9e064e64ef87ee3b2a27f9727025
SHA256 5cf3e2325e30dadc1f0b0ce2a03382245bc22f3f445badf46ef716d4df478fa8
SHA512 18ce798dfb6651ef0a184d2733dece87e0a5a2b18d1bad5291faa1fbfab8ca95a02a47b0f59bf00e1317dcbdac72120208d3daf08f1f490150aa1c76d1559ad7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 2257803a7e34c3abd90ec6d41fd76a5a
SHA1 f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256 af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512 e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cdc2882623f2219dc441e9f520b557f5
SHA1 e04b3cd21354b08053f0686fc5aa1f73f27d16ad
SHA256 80bb0f53618b24e9d62fc69a50979ef9c37360249926a266f39523ece73c1458
SHA512 352d8fca1b51b8e05a42f02a312cd72d5673b6117ed875925cb475b552f680a2f8f7685f2df60a5d08762e6fbe3d01025f90e633ee9e7f01874fd365e6c756f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27442021487f4becd888bc93a415d551
SHA1 e0b2e234882707fc8b484ed623e74272dbebf17c
SHA256 a61c481d3bb764192b387d849cde2d972ad31e1342c0734f635aa0696470657c
SHA512 5070dd55cc56dbd9fddd43d97fe4348b6d74ed98cb0e93e3e3cf01756065eb9f7224933355fe54521a498307178bb0b8c6e5671157fce106748dae47e947a0ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3009985db678cde5fa3fac9b9ae07a6a
SHA1 2183e003a4e9a912f2e9917346eebe0028cdc08b
SHA256 173c5af2c525a451b48b1603e860993deb19bfbca5388318633082f23535be64
SHA512 82595c216b20ce225e9fe8f4b3266bc800d3b86b10bc9c54e780494f0495388c009d58db76e2b8412e0a9ca1dd8ed94d82f15f6151a5791d83ee9490c0bdd3a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1447df9386d410244353b49337eeb93d
SHA1 d46b6b843669c34484be460449e64dcb832ac352
SHA256 185f698197fd3de130113ef5810c43bd486a8127e36c1966a897da75be4131db
SHA512 d1307dd95500659e90699a49d7da02bd2202f6c4349a2866212cd4d9607700c57b416b514f7249a73e96fd73d69f3e1da3c9ca9c72df923cd07f58613d8c2b0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 260d763ba6264b6a3c9f8bb345c541e2
SHA1 2b4e4fb44c48007a11b5b7d417014e2a4e17b47c
SHA256 fb6ef3970664ea95b1f34e1d09d4d9603694628081df08cec95e3d4bf6aeaa7e
SHA512 641c262779abd1255e83467f44efb34fef838fbe4fccd5f9d2945b6afae9dd6e7cb633fe7d8c0c8bf06cc2958434596dfc04e5257ad32d7a60bbe6d292e108b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 76b2ed5397beca24d334d455860e307d
SHA1 635125f8748879de4ea324a59bb9273ce75c78af
SHA256 ee359f8eef19801fbd74f5f4813cf736d22fdc2101653d6866f03513af056190
SHA512 f4ef0bf05bb1fad956544d2d9552ed103817017a5c733ad9c5b02aa7e3f69bd2e1c9ac90ca6918f7fba40cc313fa0e668e1123600d88b1ce757793eeb145073f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3733b4b69fb9de0cc15eeac6d6c43405
SHA1 c606a9b612faddacf0ed966b7faf1a321c79c2a4
SHA256 6a7eadc8a0acfd36663a4200ded97a610ec571dfcae343e532a16c553fde3e0c
SHA512 2a6c7737bece70b63b8f11e0c45817cea1e357a1202c66b0bbe9a91ea5c8f77b519e478627d0b995587e22d879e29de8c38a45c722837ed2f05a410800fffabc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bb501664-26d9-4bcf-ac3b-e2542a67badd.tmp

MD5 7b5cc261be79c0aab7e7951aec8cda13
SHA1 7cd7adf87b9094cbf86d2ee3575c486f319f9804
SHA256 94e0ab4975d4790e042e9b59b2247aa6421e3580cafa78cf5bca420ffb0149a6
SHA512 2ec362d5c004dcc29517e9918d6a8c758a0e9bab46e4781b3379d6b4e3b6f0841092b46db23a735463567b81d4a35cbfda8a01a1bd63da4605ea818d48fd605e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c448f710d91106040533d9ac30171042
SHA1 abad44aa663d20a2674f056041218dcf565bb849
SHA256 d38ad52b4ec894fa4bb4d422c89efe698c02e0a589953ae713fb47d3a3743734
SHA512 4ec7bfaf3515e395f0b34d94c5e2b23781390a18bdee4e54b1de1d86d2856b97ffdebe6523968f0565c0cf4ef343039a0b945396ca3de911d1e9aafc91c2cfbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3581896563a4bf629279e904e3734e91
SHA1 8e7b627ad904577929b3145ac2ad3f53ea97455d
SHA256 e0e80be995a177797beed631724c0af60eacf04d062859ce43a7bf3f72aaa9fd
SHA512 148f9a75c2c03754f2c47b660a98a374e506fdcaa5b00ac65b7009091e85f8e257a7d8d61b4004ffb00ca08c5663699c999bdbb6a8b8fdc72cf3a30ed39f6402

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 297e509d3b01616835c7542dde7ec3fd
SHA1 a2571be8ef4af154b08bb5fcb199857dab2122a6
SHA256 521f0919c3b692f40de3abe672b8d6459e3a46cd0abe98ff30d33393293a9e42
SHA512 44ef9e64ae0aa94bbbcd0e5431bcb58973f59472c0464ca1c8057eda0eb3361a3eb83ff05563dc0025706dd40611ffa0c27e3add1288bc130544f7837deea55b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c9a9756e82cbb1029d1cf247a575bf0
SHA1 46b249ea53cb189e98fbcda158f7c956cc5dc49a
SHA256 b6287e4dc6ac57eb6c26edebfdc45b9f5351967ea30c60ad6d4240f4580ae2a4
SHA512 57b6701e91c48cce6a4c08b6fb52abfed1c2d7ba5e37ddfeba49b6f7a5086f1ee9f8f381abb8d6e0bef979a01d8b799c0610756b1cf396e42081f747f73729c8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 246e5161d1feeddb1a20ce48189b019b
SHA1 dde0815084b2e8536d72a3791a3b1509f3166fdd
SHA256 9cbd1639b239d79bb966bdafa9c8ee1ef79133156fa976106380dafc23b74c6d
SHA512 8f18a4115d84a07cc1d85bddef4f639de88cde154508c74f98ebbc3fcbe9f66aa98071f487f2b68691271c82d58f3b51a64d0e432bbad4e44e667f850b8f10d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 955ddd4562318e43bc86ca9c683882e7
SHA1 fcabc546414ab24aeb7b00cc26929460adef5b80
SHA256 1a654ec701d1920046c1aed2480a2310f4e58ee969a59d130454bcc60ccd906a
SHA512 ca90b215e4ddbdedb25ed4d07661f5e91035589dc13ab089be2683a507aafb0dc72a30b021c8c96dd9f623388848cfcb156b77c8ed3d5241ff89b17691c4de80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 252b5d28cf02b2959068c13766df65b7
SHA1 86fcf0d6ac0ca240989c525d580d500b5cdc621a
SHA256 8cd4dc4b17d9266e3cbad4937e09586d4165d4088ade3d762d94437fc4a62db9
SHA512 4f83105c593c308278d8273ca93771d784214c15d0f8cd7e1369292ec73469ddb914e26fc960a6c61a59d8201ce5957690536aaff5c3e087727ddfb1dc2eae87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c00d770db1f17e5da566323e3b6c5b4e
SHA1 52eb531abafc0c8648b087102ba44ea54cc9a5f6
SHA256 34ca5c3a5c2e3fa9f12261d65296f9e40ad8a6d3c1ceefe1fc39d7a11307680c
SHA512 70958182e8b12b2ae473c9eaca7a899a7607920cd2ed03df68e1e5643e301e7d2e72c464ef98fa53255571fb0bd1c5f1a5e9657854ebc8f88d2aad3a4cfa61b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 504e376f5ad7199756dbeb3c9233c9d4
SHA1 71671b68b98177a5f35a6be47429885a67b65786
SHA256 8d95634dd8c99131923fb469f33102d6002afa69efc5c25ad9a5713c6ce43674
SHA512 aa608d127a97b51486fd51cdb675e79267a7434e143337ed83230a0e1d511e021493c0f4abf9a18b288dddd7f66943366ebc2ee0f7bd80743ba59a2f577fad80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 05d79e1a18cba92375e255dce2cbb16c
SHA1 2be53c68abc2bbdbcbe204c06718956da589478e
SHA256 128fc5df991989c6651c12ce47749727c175af4feb8cca16bad805379ad95658
SHA512 3046d494b0e404eab0fbd1daf68510913973b5fc94784f28dddb1efb7158122c842709772d59b28f389f2bd1f0acf06f3b0022c1db96c588b7f1d592fd617127

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5c106b11ca373d29857c763c72366816
SHA1 dcb9356381a31720d12e88b050a32ded497c5a22
SHA256 567871ec150b335c20bf7d9f12594971f460418d8a35c349a3aaf39dfa421b3d
SHA512 4d95cde524e9fb9751a11061e1e6c624da9c02ceeaee062272c40c79eb4dab49b7bb79134286db35dc6cc3797afcc0323e5b057b7f6de02a5b4390d90eaac2c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c99a645fe5798ed53bafe98e661e53d6
SHA1 312216613e3e539646d409925d29d706cffee62e
SHA256 ef4568b2aa3dcbcac8257e9819b91fa466aa30c92cca8e3220d09f32f17ee143
SHA512 ce8517503cf7f1f831f86749800c956999841a2037f7af50e83b756b59f524ecc2509e7d37bca42cde1e5b9853fb2cf11ef53caf5d82a00157e74680e28aa2f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 99efbdc788000b344e148f7a45b14c25
SHA1 c100a53ba905fe40966ce38e59096aaa7e96cc61
SHA256 a81670d42efe77c6de48a2fa11b74633bb7a6bd3aa584a0e18fbd67b9729ce0b
SHA512 8af71cc6b4687db367670449a9886f27d963606306d14ad1cc8c266bf4b810f2971e581142eb84de4078a3e340c238719924925f5cd10a22cb8008ebdbdf4b04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 79ef5d81e2745e2c94106f8f622f6588
SHA1 4b4991ba4a763a9ab6cc03f91354affb0f97515c
SHA256 0b9c9905a7784116e7c27ac0276c096f90285943a59f57ef5c9f85dd8d9aad8f
SHA512 f1561bfd6c7500b390cdd55a6e960a4a49fbc7e5bd55f63700c7614516db922e4b8ef3fa79373e28b15b9eb1bc00d058a906918dfd3b80577326907f58590b44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 8debaee57d969446fcb746310df365e5
SHA1 5f7aebfc835c289a58e0d52020132689384f9c59
SHA256 0560207230b3631a3b92710f283c177d9b4e7857c90870e8edb05bf7fc1dcfd3
SHA512 9842744e270f3c1f3fd99481fd2889dec5a0b9006835f3fdfc7daba7010abc9bcea337d24878fc875f5ed9c4102fb0e6800cab1906c203e53b75323da756384d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\41139538-0edf-4879-8a75-ae47af11c70f

MD5 cedb7495461f8b3156c6819be2052a94
SHA1 dcd07fce8985bf067f91940ca943d0e7db4ac2b2
SHA256 210a311508270338776c4b3f8b45907aa298e0739041d2d048f4f9764dea1511
SHA512 116bdd43e1afadc09214c24ff8f009492e37168f52fc6da32b9e2a263341e2b31bc8206d0e7476937091f6aae3a4d760c329464d05d52122c3fb387f5bae88bd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

MD5 152748a3e465dac4bcb3b1f9370a1306
SHA1 c9260261d23ad974ecf347c9d83f7188891e33cd
SHA256 6615ec14fd1781b30d5af47568d10da44bd94e1af03dfe0775b922714be22bc7
SHA512 52e0e4173a5961ea8dfb55ed47a067b1b5cb933cd0ab9e2b5b825b6c90d190cc3c490acf0e8ae98328cf99594d2d47dc00338dc3348618db18d9769fdefa5131

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\44fffdb5-3075-4a1b-be4f-f4ec7fc12fae

MD5 b7f635865686d1a3049c590acb57b347
SHA1 962c3e361d8e8027507c46ee91fd8bb271cd61ec
SHA256 1becd6c6e26126a79ed106b3900112b68955014a60a1b1072129c786da049aac
SHA512 60402a85bd158b8c75a03452bb6b39920df47840e7beb95742db8aa7a294eb5941a97ffca493caf0985f5d682d84515119e5adcc7412167a3d14f81ebd4fe5c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\3b12135f-019f-4344-91f5-0fece797425c

MD5 904085e8bcb414260c408baee7a9b6ee
SHA1 9c4b25f614f23e4f666fca2c5a43fb8f7fb4644a
SHA256 6e3cf040bb29b32a0cc812d3a15154e8fe5a8c8d4ebaecd6a01167e36a5d7c04
SHA512 c14f915a0dbbb2910cc4dcd7f12466ef75f017c67154eb5eb25d084c103d22d21d0094fe04dcfe61d5a8cb542c3bd4bb429ace36eeeb02ee4044252a66a91211

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

MD5 980a2161b02bd98020cc5e4d0c68b30b
SHA1 bed8288d71bb57e4e9c7162dedb7aea042fc537a
SHA256 e20739dcde2f47bae8355061822f07d30aee453f4f76ce22d7bac25da3702ebd
SHA512 b9546f49482015196ea2d2fac7c799c8904291298d846c483411b63fb4f1d9d6f9aa891f9a24f4173a1bbcce798809d2f4802da66268651686abf00065bc1662

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\activity-stream.discovery_stream.json

MD5 aa063ead55606ed92419fa54d4f74cae
SHA1 b05e0abda3e14daec26440811e29b2e2ae20eabf
SHA256 befba59fc24be94986a868200c3d1d210ecc44dc434468b3dcd0082d6ec147a3
SHA512 bfd0c08c7965e805fd3e53d6878fd89ff6b58238a8b1744917e700caa70bf7808e5002df2e6e7aefc98e3ead76ee36952ca473063d1ffb1e71f60b3cbe669b3b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\83E3BDEEE2656890431C3484D2DFAC5D44936E89

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\A95F29A9219FEC69F50AF18906444691A39C0078

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\doomed\12128

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\doomed\5496

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\3499E0CDB4968FF402067428EA75B46BFF8FE5DE

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\49AF65C60E9467DC868F8EFFBC6F0E1FE2D6093D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\AC6959268E349C7B5497A3867D6DCDC4D543431E

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\4BCF7D608B2663D7D1515223C0F13E5D72484770

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\C88FE6FE8ED0018995E76FB6B4CAEB37655B5835

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\6973955F832C3780D91B32513BB9D0AB49A2165F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\087F96B189611952C6B30E20692EACCCD08B35EE

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\jumpListCache\qlLsf4CKgXOotcn4x75LR1dACEYPS3Yc7nesWdJsL08=.ico

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Q7H9G2JWZ5XFK7LVVHT2.temp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\bookmarkbackups\bookmarks-2024-08-24_11_ACaLimBSxuEJeCX58bU-KA==.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
