Analysis

  • max time kernel
    1725s
  • max time network
    1657s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-05-2024 21:27

General

  • Target

    NotMyFault.zip

  • Size

    1.4MB

  • MD5

    3098d0f7a888949089cdfb9351904303

  • SHA1

    ca50aef1aff4b17be449ec7276b01ba728ca7c6f

  • SHA256

    e26db5a12a6e1f83085cc40446a0b8fb6e322b989c46f4cb649a955682c15de4

  • SHA512

    2a0972c2d7854c6b84a1f68dc437f99b7cbb4cd03a46f275c30d5f0c80f6140bceb33cdc29e7ec96e4ff76796e388090b46112e709e6736bb0fe388c64dacff2

  • SSDEEP

    24576:OpJA0obRiRMjQ8rrifP+cNjoWrb7CWzSvZ7nToHL/dWP10N7XaBI4XuB8R:OpqTNNxQWcNjNXCWY7n2YP10N7XaO4+o

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 12 IoCs
  • Detected potential entity reuse from brand microsoft.
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\NotMyFault.zip
    1⤵
      PID:2360
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1188
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2932
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ef9758,0x7fef5ef9768,0x7fef5ef9778
          2⤵
            PID:2480
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:2
            2⤵
              PID:2768
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8
              2⤵
                PID:2704
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1664 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8
                2⤵
                  PID:1416
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                  2⤵
                    PID:2700
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                    2⤵
                      PID:2016
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:2
                      2⤵
                        PID:1036
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1408 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                        2⤵
                          PID:1064
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8
                          2⤵
                            PID:2104
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8
                            2⤵
                              PID:1760
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8
                              2⤵
                                PID:2340
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3408 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                                2⤵
                                  PID:2860
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2008 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                                  2⤵
                                    PID:1004
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=720 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                                    2⤵
                                      PID:2408
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3880 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                                      2⤵
                                        PID:2768
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2404 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                                        2⤵
                                          PID:1188
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1628 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:8
                                          2⤵
                                            PID:2584
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1988 --field-trial-handle=1004,i,7060492989140448373,498317818625880950,131072 /prefetch:1
                                            2⤵
                                              PID:1764
                                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                            1⤵
                                              PID:268
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe"
                                              1⤵
                                                PID:1224
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                  2⤵
                                                  • Checks processor information in registry
                                                  • Modifies registry class
                                                  • NTFS ADS
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:1332
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.0.545813307\673730648" -parentBuildID 20221007134813 -prefsHandle 1260 -prefMapHandle 1240 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8564b9a1-6438-4299-bc46-499a85ff799a} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 1372 3dd9d58 gpu
                                                    3⤵
                                                      PID:3056
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.1.297561447\180025364" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 20681 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fa9709e-5540-4c91-b2dd-d0780001fa25} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 1536 d71b58 socket
                                                      3⤵
                                                        PID:1816
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.2.556714733\1960753194" -childID 1 -isForBrowser -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20719 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d129b6b4-ad37-4075-b34c-5c7b3dc76f01} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2316 1b5ecd58 tab
                                                        3⤵
                                                          PID:1460
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.3.1373717128\1304347327" -childID 2 -isForBrowser -prefsHandle 2764 -prefMapHandle 2760 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd4223cc-4373-48a1-a57d-f6047ced64d3} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2776 14c88858 tab
                                                          3⤵
                                                            PID:952
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.4.325185590\497124" -childID 3 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5750e67e-b2a6-4dfd-b33a-9e8ecca2c390} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2912 d61e58 tab
                                                            3⤵
                                                              PID:1752
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.5.1296317246\26289970" -childID 4 -isForBrowser -prefsHandle 1972 -prefMapHandle 3824 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f28124a-bf4c-41aa-8856-ac1104489f4f} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 3856 18fafc58 tab
                                                              3⤵
                                                                PID:2028
                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.6.1380645488\1583238588" -childID 5 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ffdea0-cd12-4b22-91e8-98cd7f3aff7b} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 3968 18fb0558 tab
                                                                3⤵
                                                                  PID:1972
                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.7.1630389350\1222017442" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 26318 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6845168-2f52-44a3-af2f-ca5615ce8f11} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4144 18fb0e58 tab
                                                                  3⤵
                                                                    PID:1940
                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.8.111290849\1443848483" -childID 7 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 26477 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {150f3f62-bd28-4e13-84b1-73ef14f0b765} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2824 2102be58 tab
                                                                    3⤵
                                                                      PID:2012
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.9.1062880124\1216661744" -childID 8 -isForBrowser -prefsHandle 4352 -prefMapHandle 4036 -prefsLen 26652 -prefMapSize 233275 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07439ff0-ce2e-456a-8736-5d7edbae50ec} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4008 22b6a458 tab
                                                                      3⤵
                                                                        PID:2020
                                                                  • C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe
                                                                    "C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"
                                                                    1⤵
                                                                    • Drops file in Drivers directory
                                                                    PID:3076
                                                                  • C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe
                                                                    "C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe"
                                                                    1⤵
                                                                    • Drops file in Drivers directory
                                                                    PID:3180
                                                                  • C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe
                                                                    "C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"
                                                                    1⤵
                                                                    • Drops file in Drivers directory
                                                                    PID:3284
                                                                  • C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe
                                                                    "C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe"
                                                                    1⤵
                                                                      PID:3356
                                                                    • C:\Windows\system32\pcwrun.exe
                                                                      C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"
                                                                      1⤵
                                                                        PID:3480
                                                                        • C:\Windows\System32\msdt.exe
                                                                          C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWFA08.xml /skip TRUE
                                                                          2⤵
                                                                          • Suspicious use of FindShellTrayWindow
                                                                          PID:3500
                                                                      • C:\Windows\System32\sdiagnhost.exe
                                                                        C:\Windows\System32\sdiagnhost.exe -Embedding
                                                                        1⤵
                                                                          PID:3952
                                                                          • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
                                                                            "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bv5bycnd.cmdline"
                                                                            2⤵
                                                                              PID:4032
                                                                              • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
                                                                                C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFB8F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFB8E.tmp"
                                                                                3⤵
                                                                                  PID:4064
                                                                              • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
                                                                                "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\phs_uobm.cmdline"
                                                                                2⤵
                                                                                  PID:3100
                                                                                  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
                                                                                    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFBBE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFBBD.tmp"
                                                                                    3⤵
                                                                                      PID:3136
                                                                                  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
                                                                                    "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iyr-zpxw.cmdline"
                                                                                    2⤵
                                                                                      PID:3208
                                                                                      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
                                                                                        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC1B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFC1A.tmp"
                                                                                        3⤵
                                                                                          PID:3192
                                                                                    • C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe
                                                                                      "C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"
                                                                                      1⤵
                                                                                      • Drops file in Drivers directory
                                                                                      PID:3412
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      "C:\Windows\system32\cmd.exe"
                                                                                      1⤵
                                                                                        PID:3692
                                                                                        • C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe
                                                                                          notmyfaultc64.exe crash 0x06
                                                                                          2⤵
                                                                                          • Drops file in Drivers directory
                                                                                          PID:3720
                                                                                        • C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe
                                                                                          notmyfaultc64.exe /crash 0x06
                                                                                          2⤵
                                                                                          • Drops file in Drivers directory
                                                                                          PID:3852

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                                      • C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

                                                                                        Filesize

                                                                                        441KB

                                                                                        MD5

                                                                                        4604e676a0a7d18770853919e24ec465

                                                                                        SHA1

                                                                                        415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

                                                                                        SHA256

                                                                                        a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

                                                                                        SHA512

                                                                                        3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                                                                        Filesize

                                                                                        68KB

                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

                                                                                        Filesize

                                                                                        242B

                                                                                      • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024050621.000\PCW.0.debugreport.xml

                                                                                        Filesize

                                                                                        3KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

                                                                                        Filesize

                                                                                        200KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

                                                                                        Filesize

                                                                                        24KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09d0fd92f8e726a7_0

                                                                                        Filesize

                                                                                        289B

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c03a66f55691377_0

                                                                                        Filesize

                                                                                        280B

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c35eefe94f0ee438_0

                                                                                        Filesize

                                                                                        318KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d287f735f4ac0065_0

                                                                                        Filesize

                                                                                        19KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        168B

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

                                                                                        Filesize

                                                                                        16B

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                        Filesize

                                                                                        264KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        5KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        5KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        5KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

                                                                                        Filesize

                                                                                        16B

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                        Filesize

                                                                                        139KB

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d2b5491b-1af0-4833-af49-61aca38b2308.tmp

                                                                                        Filesize

                                                                                        139KB

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\activity-stream.discovery_stream.json.tmp

                                                                                        Filesize

                                                                                        25KB

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\doomed\15894

                                                                                        Filesize

                                                                                        11KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\PCWFA08.xml

                                                                                        Filesize

                                                                                        744B

                                                                                      • C:\Users\Admin\AppData\Local\Temp\RESFB8F.tmp

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\RESFBBE.tmp

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\RESFC1B.tmp

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Tar9EC4.tmp

                                                                                        Filesize

                                                                                        177KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\bv5bycnd.dll

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\bv5bycnd.pdb

                                                                                        Filesize

                                                                                        11KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\iyr-zpxw.dll

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\iyr-zpxw.pdb

                                                                                        Filesize

                                                                                        15KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\phs_uobm.dll

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\phs_uobm.pdb

                                                                                        Filesize

                                                                                        11KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                                        Filesize

                                                                                        442KB

                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                                        Filesize

                                                                                        8.0MB

                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                                                                        Filesize

                                                                                        13KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\addonStartup.json.lz4

                                                                                        Filesize

                                                                                        5KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\bookmarkbackups\bookmarks-2024-05-06_11_mUDMqzp9jbRt6ySnwvoA3w==.jsonlz4

                                                                                        Filesize

                                                                                        941B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\broadcast-listeners.json

                                                                                        Filesize

                                                                                        204B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

                                                                                        Filesize

                                                                                        2KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\bc8331f6-01b7-42af-85e1-b36feddb7fb4

                                                                                        Filesize

                                                                                        668B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\fe3507c8-3ddf-4900-beb1-10f5c9df3045

                                                                                        Filesize

                                                                                        11KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extension-preferences.json

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extensions.json.tmp

                                                                                        Filesize

                                                                                        41KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                                                                                        Filesize

                                                                                        997KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                                                                                        Filesize

                                                                                        116B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                                                                                        Filesize

                                                                                        479B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                                                                                        Filesize

                                                                                        372B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                                                                                        Filesize

                                                                                        11.8MB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

                                                                                        Filesize

                                                                                        7KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

                                                                                        Filesize

                                                                                        7KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\search.json.mozlz4

                                                                                        Filesize

                                                                                        299B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionCheckpoints.json

                                                                                        Filesize

                                                                                        90B

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                        Filesize

                                                                                        2KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                                        Filesize

                                                                                        192KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                                        Filesize

                                                                                        160KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\targeting.snapshot.json

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\xulstore.json

                                                                                        Filesize

                                                                                        141B

                                                                                      • C:\Users\Admin\Downloads\NotMyFault.Suq0GMqT.zip.part

                                                                                        Filesize

                                                                                        32KB

                                                                                      • C:\Windows\SysWOW64\drivers\myfault.sys

                                                                                        Filesize

                                                                                        21KB

                                                                                      • C:\Windows\System32\drivers\myfault.sys

                                                                                        Filesize

                                                                                        24KB

                                                                                      • C:\Windows\TEMP\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\RS_ProgramCompatibilityWizard.ps1

                                                                                        Filesize

                                                                                        37KB

                                                                                      • C:\Windows\TEMP\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\TS_ProgramCompatibilityWizard.ps1

                                                                                        Filesize

                                                                                        9KB

                                                                                      • C:\Windows\TEMP\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\en-US\CL_LocalizationData.psd1

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Windows\Temp\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\DiagPackage.dll

                                                                                        Filesize

                                                                                        64KB

                                                                                      • C:\Windows\Temp\SDIAG_014c5c26-6540-45de-89f6-971c252bdbc7\en-US\DiagPackage.dll.mui

                                                                                        Filesize

                                                                                        8KB

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\CSCFB8E.tmp

                                                                                        Filesize

                                                                                        652B

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\CSCFBBD.tmp

                                                                                        Filesize

                                                                                        652B

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\CSCFC1A.tmp

                                                                                        Filesize

                                                                                        652B

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\bv5bycnd.0.cs

                                                                                        Filesize

                                                                                        965B

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\bv5bycnd.cmdline

                                                                                        Filesize

                                                                                        309B

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\iyr-zpxw.0.cs

                                                                                        Filesize

                                                                                        5KB

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\iyr-zpxw.cmdline

                                                                                        Filesize

                                                                                        309B

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\phs_uobm.0.cs

                                                                                        Filesize

                                                                                        791B

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\phs_uobm.cmdline

                                                                                        Filesize

                                                                                        309B

                                                                                      • memory/3952-1195-0x000000001B200000-0x000000001B208000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                      • memory/3952-1212-0x000000001B220000-0x000000001B228000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                      • memory/3952-1179-0x00000000023A0000-0x00000000023A8000-memory.dmp

                                                                                        Filesize

                                                                                        32KB