Malware Analysis Report

2025-01-18 04:10

Sample ID 241103-xxa7esvjfl
Target Synapse X.exe
SHA256 64207a7e81e788dd1044a8fa6d6a4f87757cdd870af520a2e44576ac21a6e746
Tags
office04 quasar discovery persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file Synapse X.exe was found to be: Known bad.

Malicious Activity Summary

office04 quasar discovery persistence spyware stealer trojan

Quasar family

Quasar RAT

Quasar payload

Executes dropped EXE

Reads WinSCP keys stored on the system

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in Windows directory

Browser Information Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Uses Task Scheduler COM API

Enumerates system info in registry

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 19:13

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 19:13

Reported

2024-11-03 19:25

Platform

win11-20241023-en

Max time kernel

700s

Max time network

708s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Synapse X.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "\"\"" C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "65" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751349209573697" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4248760313-3670024077-2384670640-1000\{25877751-2A08-4721-A723-AAEC6360F56A} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Synapse X.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3816 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\Synapse X.exe C:\Windows\SYSTEM32\schtasks.exe
PID 3816 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\Synapse X.exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
PID 2848 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe
PID 2772 wrote to memory of 4832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4832 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4832 wrote to memory of 1280 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Synapse X.exe

"C:\Users\Admin\AppData\Local\Temp\Synapse X.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "java updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "java updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1844 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2364c7e9-626c-45d5-a62e-9a2e880d2740} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2312 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0147fa1a-8e3b-4207-90bf-459e7d706cbe} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c96133-9bff-49d9-8c4e-396ed3e7e3d1} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3452 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3644 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3b4270d-0d55-4eb5-bcd9-c9867047dfd4} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4560 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4688 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e73e0f35-e269-4902-8d55-605cd31b39c7} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c0345a7-89cc-4ed0-9b97-ce048c3be05b} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 4 -isForBrowser -prefsHandle 2272 -prefMapHandle 5452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd88f1cd-9440-4f3e-8ac1-fe0d9088f66e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2838cc40,0x7ffa2838cc4c,0x7ffa2838cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1808 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4556 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4808,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3448,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4948 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4916,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3440 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3464,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4480,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5260,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5384,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5548,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5580 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=872,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5616 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=1112,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:1

C:\Windows\SYSTEM32\cmd.exe

"cmd" /K CHCP 437

C:\Windows\system32\chcp.com

CHCP 437

C:\Windows\system32\whoami.exe

whoami

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" /s /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39c8055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 Inversin-43597.portmap.host udp
DE 193.161.193.99:43597 Inversin-43597.portmap.host tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 195.201.57.90:443 ipwho.is tcp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
N/A 127.0.0.1:49801 tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
N/A 127.0.0.1:49809 tcp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 128.116.119.4:443 roblox.com tcp
DE 128.116.44.4:443 locale.roblox.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
GB 2.18.190.70:443 static.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
DE 128.116.44.4:443 locale.roblox.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
GB 2.18.190.145:443 apis.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
NL 18.239.50.13:443 arkoselabs.roblox.com tcp
NL 18.239.50.13:443 arkoselabs.roblox.com udp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 142.250.178.14:443 chrome.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 142.250.178.14:443 chrome.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 google.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 142.250.190.35:443 id.google.com tcp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.190.250.142.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com udp
US 66.254.114.41:443 www.pornhub.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.14:443 google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp

Files

memory/3816-0-0x00007FFA306C3000-0x00007FFA306C5000-memory.dmp

memory/3816-1-0x00000000002E0000-0x0000000000604000-memory.dmp

memory/3816-2-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 e78c57ec9112a2860d4c07e1535452c6
SHA1 cfb8f58daaa9ae932b2e55c04eb887210cbf0a41
SHA256 64207a7e81e788dd1044a8fa6d6a4f87757cdd870af520a2e44576ac21a6e746
SHA512 50597692c65f476d3f96d43fc97813c2747cacccd542eaf82cb736827ba02fb291e905b9a7410f891eee394f2252f37aceaf26fbc8dcef0ebdd21fbe37fcaf93
