Analysis

  • max time kernel
    361s
  • max time network
    362s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-06-2024 08:11

General

  • Target

    FeatherBootsrapper.exe

  • Size

    41.5MB

  • MD5

    bcab8a0235d38d2ca5ccbff6c9672c83

  • SHA1

    5d3c70a7e1045b3dee01ad0e3815eb0bbab36b40

  • SHA256

    ebb1467cbf6ed7d18143f4a0ac36cd10afb15145ca9b949f123b146b0670e624

  • SHA512

    37bfc9f8bb57051fb4eca24b1d3c421cf489e841dd70fe11301a04815ad7cce0c4d5d6749bded2805ff51db9f7ba8c2adeabaaa0f85ae8ed54a48cf3415b94fd

  • SSDEEP

    786432:H+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVL9jvzVSz59YQFS1QtI6a8DZcSZj:JXGMK4XR3bLSCU/+6yPlhvhS99zOiIb1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 39 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\FeatherBootsrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\FeatherBootsrapper.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\FeatherBootsrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\FeatherBootsrapper.exe"
      2⤵
      • Loads dropped DLL
      PID:2112
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6689758,0x7fef6689768,0x7fef6689778
      2⤵
      PID:2384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:2
      2⤵
      PID:2444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:8
      2⤵
      PID:2556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:8
      2⤵
      PID:2756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:1
      2⤵
      PID:1556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:1
      2⤵
      PID:276
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:2
      2⤵
      PID:856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2876 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:1
      2⤵
      PID:3028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:8
      2⤵
      PID:820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3388 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:1
      2⤵
      PID:1936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1976 --field-trial-handle=1336,i,8146021272426863012,8527605599128089597,131072 /prefetch:1
      2⤵
      PID:1432
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2020
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    PID:1052
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1716
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.0.1377929258\1033836176" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1172 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d7459a3-872b-4d19-b3c9-0700878e12ca} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1288 11cf1858 gpu
        3⤵
        PID:1140
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.1.268579301\1513179590" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21c20cbf-a527-4e25-994c-1d0779454df5} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1512 f1f9558 socket
        3⤵
        • Checks processor information in registry
        PID:2124
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.2.1486688529\1273487451" -childID 1 -isForBrowser -prefsHandle 2004 -prefMapHandle 1988 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc58400b-9981-44a3-92dc-c23ef599fb11} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2028 19566f58 tab
        3⤵
        PID:1952
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.3.1785005547\810451460" -childID 2 -isForBrowser -prefsHandle 2516 -prefMapHandle 2512 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c831b7ad-c398-4a80-9dda-4dd08160cb71} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2528 e62258 tab
        3⤵
        PID:2732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.4.281644866\131648576" -childID 3 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccc055ee-0964-4ba6-a2ff-2dab6bfa404d} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3264 1d178858 tab
        3⤵
        PID:636
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.5.909135176\450855523" -childID 4 -isForBrowser -prefsHandle 3784 -prefMapHandle 3776 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdf1e61b-6bd4-436e-b069-5f69e5cbd8a5} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3796 1f3add58 tab
        3⤵
        PID:2952
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.6.1896662352\1130817989" -childID 5 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {209cd2b1-fd4b-4ab9-a238-172f536a2e12} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3892 1f3ac858 tab
        3⤵
        PID:2476
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.7.2029419232\1826344068" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7f03845-9132-4162-853a-eef120c59088} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4068 1f3af858 tab
        3⤵
        PID:1232
  • C:\Program Files\Microsoft Games\chess\chess.exe
    "C:\Program Files\Microsoft Games\chess\chess.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2112
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x188
    1⤵
    PID:2476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
    Filesize 264KB
    MD5 f50f89a0a91564d0b8a211f8921aa7de
    SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 5KB
    MD5 9005e730ab1f4d457fc3e82ac1955af0
    SHA1 aa945c300ae35fbd9596aaa696a59ffacbee9dfe
    SHA256 924a8cf5876114616109f3a7ddeb63eb0a9b10dc14c3ee5b1832b92f4a5a03ae
    SHA512 54d6e46edd4d09fb85db208f8eccd955cb1fc1d8e3f29aa0c8e39af45fac1b92500604baaa7e5333bbbd84b16b03a614cec465e0b10577624b1150911743373b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 5KB
    MD5 d3f0f096c1fb35a32032c347da3b894f
    SHA1 5778192dc1f12fa3c70d593a3c39071351db1ccd
    SHA256 806ef761db265d026d7094800b94fea0d05fc3c57baac60e3c2ce26373931919
    SHA512 cc5446103346fdcace64401e543a402c73f1aba11a7df750dac07af687dd031517d4d2431c97e6043f3813005fb04626beabbc8ab495304b1a4a284c423c7ce0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
    Filesize 16B
    MD5 18e723571b00fb1694a3bad6c78e4054
    SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
    SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
    SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 140KB
    MD5 0fd35f450959c98f18f4d5da3c4ecf7d
    SHA1 27e48170d1cf83894d75bbf4656d68738cdd3f99
    SHA256 c93af4e3a3c415b54847a92df6f6c49111cad0295d159d7f75400d2e6bbad1d6
    SHA512 e8368b5f8aa262ef5b475eb6d4bcc3edc4e05bbea0d77181d064a438d2d23daf168a220d5c287972e7f8679c9d3d050b410131f1228d8a3e26fcc688ea928f28

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a253ddba-02c5-4b6f-9a55-176cc4c12d3c.tmp
    Filesize 140KB
    MD5 6929d52d6f041446a58c85b46298a43e
    SHA1 e650ee80a0a936b7c4ab40c8a1e85290dda5956b
    SHA256 13d6134157209eeba133159ea5439d6e134bfea8579ecadd302db09480e6cf39
    SHA512 2e55a9305d88886d2298b110a1d0f90a0cbdfece6ef7bdb73c8ef1288452fe1e30349fb472f059906bd312263a0a06c5642bd2c7b88c2aa6fe3850a51d849066

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{E2856B15-A196-4C82-BDA1-C75D273DF989}\{E2856B15-A196-4C82-BDA1-C75D273DF989}.gamestats
    Filesize 12KB
    MD5 d29c3d48948b47ff0856788c7f1067a9
    SHA1 40d1d7542b0ae7e963cd77f4faa31787d13c3eca
    SHA256 ab13a464752639064f53148f4b6a5960b36193e655f0cc8ed70cdf87a2b5fbf1
    SHA512 439fe41b99c9fc9b9e1a28405e646d040426e797f94259e93721b14d3a5fed44f1d524f86bdb649339d9c6ad3251bb077943821d602b55ed1a03e61a63762000

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 23KB
    MD5 ba1983ced140bb935b24bdd131bd42bc
    SHA1 3562856d15d8041297a5b39e41a7c726fc173341
    SHA256 796d3b26c81197d1b19aaff9bbdfd37e92d7e103bec556c624a63d1eb42e01d3
    SHA512 7cfff5bd4e8604dd671bbd96533a4c9529de52a2c385da24c5b535c0f1ceae462aa35daca83b02ff515138b743c581ad2fae9297be65676e321926a6067a24eb

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\api-ms-win-core-file-l1-2-0.dll
    Filesize 21KB
    MD5 1c58526d681efe507deb8f1935c75487
    SHA1 0e6d328faf3563f2aae029bc5f2272fb7a742672
    SHA256 ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2
    SHA512 8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\api-ms-win-core-file-l2-1-0.dll
    Filesize 18KB
    MD5 bfffa7117fd9b1622c66d949bac3f1d7
    SHA1 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2
    SHA256 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e
    SHA512 b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\api-ms-win-core-localization-l1-2-0.dll
    Filesize 21KB
    MD5 724223109e49cb01d61d63a8be926b8f
    SHA1 072a4d01e01dbbab7281d9bd3add76f9a3c8b23b
    SHA256 4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210
    SHA512 19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize 21KB
    MD5 517eb9e2cb671ae49f99173d7f7ce43f
    SHA1 4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab
    SHA256 57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54
    SHA512 492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\api-ms-win-core-timezone-l1-1-0.dll
    Filesize 21KB
    MD5 d12403ee11359259ba2b0706e5e5111c
    SHA1 03cc7827a30fd1dee38665c0cc993b4b533ac138
    SHA256 f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781
    SHA512 9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\python312.dll
    Filesize 6.6MB
    MD5 3c388ce47c0d9117d2a50b3fa5ac981d
    SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
    SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
    SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\ucrtbase.dll
    Filesize 992KB
    MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
    SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
    SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
    SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\db\data.safe.bin
    Filesize 2KB
    MD5 1acdcb768d80ca2bc57a88ccb78347d2
    SHA1 ec228ddeed853f81f5bbb204a84933a18d09bbaa
    SHA256 aa17e8b4f8d38540f262de4353bbcddf38a05b66b07c0e5d86e496c32edc19f4
    SHA512 d3b46103fa8b96222305f6fc3b805ff37d9fb882061eeb92aa1479503dc3f485fc168a9b9639c76f95e5ef4366e4d2023f4436849fe77be54117d99e873ca0ed

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\pending_pings\ab256af5-0f21-4d10-ae53-795f20e3965b
    Filesize 668B
    MD5 6d056c87d39b060f86fc0275b100774d
    SHA1 76be95fb52af172ff6f89e4f3667715b5bc4477e
    SHA256 62a77fed6186437cd51183e142d81a5dfadfe736881aeb508aeef4bbd74ecf50
    SHA512 37021ffc44a086220d0e091d2ed57aea256b3d525e7d1baf064454202efd7c1d046316a82b62b7d0bee6665d7bcb042a2174922faf4ddfc0c0292ab89a49cabc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\pending_pings\e2968a52-d0b3-4af2-81e2-c0954e33c44a
    Filesize 10KB
    MD5 0b0c48a83e15c6dd3708d207634c4115
    SHA1 8ef9bc248c8c823285117fb5be1d65ee67cb8f61
    SHA256 3e239a0bd891377f1165d1537ed4493cb93c687fa91dde09c67b55fc7f350c35
    SHA512 b209324d0d488246a6383376cac103da58b8c0a11488628ed588a67b3a1363909dfd9fc2c09e6ab59f820f59ac22744d4a240441e821c615249603e65a5cf691

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\prefs.js
    Filesize 6KB
    MD5 d16770313ed6c384a4d0fd2cd0c2c0ac
    SHA1 1f5dbbcebb9beebfad9e91255013d9df8db21835
    SHA256 d0b303259156942ed02640332c19946d44ef51e3bba0a4ee346e6e843f5b3443
    SHA512 40f8b9185239f45c7339860f1f17d6418cb901064cb3586828cf530fb8cbaa46d769ff1ce6585b60e02ccf765f8baccf8b7352889202d764410e354b6260bb56

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\prefs.js
    Filesize 6KB
    MD5 f4ca859aee2bd7c4194e912807cc05d7
    SHA1 21861aa81586ee2b4d4b74934c6eb9131c8527db
    SHA256 671d3cd39007dd6571df0defb3f7843d2137e55f5a1d8ad2d20ff9aab103a5c2
    SHA512 94a36ce199d2496edaa4a4aea68af7ae7def6a0b90a1abaa389a51ad6e5057e14592bff909cb76c64519d1b6cbbde60c5e43192e7ca488298bca96fe6ec8757e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\sessionstore.jsonlz4
    Filesize 913B
    MD5 5a0b1edef80ec3082064c88c850474a6

                                              SHA1

                                              fb7d456b1ea63f0fa1b8450588078946e2ae4757

                                              SHA256

                                              a3d681c9ce965e1ba93cf465da0b893a8a3493da2487f2a8920c2a656b37d4dd

                                              SHA512

                                              19a6faa6d67c8928a277efbf7fe34992faceca9f92698c107c4f2e54de5e0e78a4f517fd20bfbc78566a0df2b8efb4e446f7b5f6a83db6ec4a1002b6154902d9

                                            • \??\pipe\crashpad_2480_DYBZWSNDZAKJRJFX

                                              MD5

                                              d41d8cd98f00b204e9800998ecf8427e

                                              SHA1

                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                              SHA256

                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                              SHA512

                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                            • memory/2112-739-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                              Filesize

                                              4KB

                                            • memory/2112-845-0x00000000003B0000-0x00000000003BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-721-0x00000000003B0000-0x00000000003BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-738-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-737-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-736-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-735-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-734-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-733-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-732-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-789-0x0000000004460000-0x000000000446A000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-788-0x0000000004460000-0x000000000446A000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-824-0x0000000008570000-0x0000000008970000-memory.dmp

                                              Filesize

                                              4.0MB

                                            • memory/2112-825-0x0000000008570000-0x0000000008970000-memory.dmp

                                              Filesize

                                              4.0MB

                                            • memory/2112-846-0x00000000003B0000-0x00000000003BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-720-0x00000000003B0000-0x00000000003BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-854-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                              Filesize

                                              4KB

                                            • memory/2112-853-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-852-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-851-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-850-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-849-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-848-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-847-0x00000000041B0000-0x00000000041BA000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-855-0x0000000004320000-0x000000000432A000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-857-0x0000000004460000-0x000000000446A000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-856-0x0000000004460000-0x000000000446A000-memory.dmp

                                              Filesize

                                              40KB

                                            • memory/2112-858-0x0000000008570000-0x0000000008970000-memory.dmp

                                              Filesize

                                              4.0MB

                                            • memory/2112-859-0x0000000008570000-0x0000000008970000-memory.dmp

                                              Filesize

                                              4.0MB