Analysis

  • max time kernel
    291s
  • max time network
    298s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    08/06/2024, 14:07

General

  • Target

    https://winderbox.pl/

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 8 IoCs
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 13 IoCs
  • Modifies registry key 1 TTPs 5 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 19 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winderbox.pl/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff808313cb8,0x7ff808313cc8,0x7ff808313cd8
      2⤵
        PID:1224
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
        2⤵
          PID:2012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3252
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
          2⤵
            PID:5004
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:2596
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
              2⤵
                PID:2208
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4592
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3868
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                2⤵
                  PID:2896
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
                  2⤵
                    PID:8
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
                    2⤵
                      PID:2408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                      2⤵
                        PID:1812
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
                        2⤵
                          PID:4776
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
                          2⤵
                            PID:4772
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                            2⤵
                              PID:1788
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6120 /prefetch:8
                              2⤵
                                PID:2896
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3300 /prefetch:8
                                2⤵
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2960
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
                                2⤵
                                  PID:2480
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
                                  2⤵
                                    PID:3360
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
                                    2⤵
                                      PID:3068
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
                                      2⤵
                                        PID:2956
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
                                        2⤵
                                          PID:1704
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
                                          2⤵
                                            PID:1064
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
                                            2⤵
                                              PID:3576
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
                                              2⤵
                                                PID:2344
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
                                                2⤵
                                                  PID:2116
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                                  2⤵
                                                    PID:436
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
                                                    2⤵
                                                      PID:2972
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
                                                      2⤵
                                                        PID:2952
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
                                                        2⤵
                                                          PID:4412
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                                          2⤵
                                                            PID:780
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
                                                            2⤵
                                                              PID:3600
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                                                              2⤵
                                                                PID:2060
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
                                                                2⤵
                                                                  PID:5012
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
                                                                  2⤵
                                                                    PID:2260
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7508 /prefetch:2
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5028
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:4748
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:5032
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                      1⤵
                                                                        PID:416
                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                          2⤵
                                                                          • Checks processor information in registry
                                                                          • Modifies registry class
                                                                          • NTFS ADS
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          • Suspicious use of FindShellTrayWindow
                                                                          • Suspicious use of SendNotifyMessage
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:4788
                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.0.977972016\662465409" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2670af6b-963d-4796-84fb-96dbdcba07f5} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 1844 18dfee0e858 gpu
                                                                            3⤵
                                                                              PID:1076
                                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.1.427345566\1705487509" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcf3c97b-6610-4275-a1ad-7367e9824fec} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2372 18df2185158 socket
                                                                              3⤵
                                                                                PID:2276
                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.2.788514245\1981153371" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2748 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc8dcb56-fbe4-4f6d-962b-657ae11560dd} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2724 18d81aeee58 tab
                                                                                3⤵
                                                                                  PID:2492
                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.3.609404228\1603987739" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a399a6a-57fa-4c92-b7eb-3da14eb38f46} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 3592 18d84afcb58 tab
                                                                                  3⤵
                                                                                    PID:1532
                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.4.1951567576\861683049" -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 5028 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {527f5c2c-7ae8-4c39-b8f5-aa23ecd3d948} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5048 18d86fcdb58 tab
                                                                                    3⤵
                                                                                      PID:3764
                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.5.1987574149\1307553537" -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c79b96a-d7e2-411e-9484-28cb84189a36} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5184 18df2140c58 tab
                                                                                      3⤵
                                                                                        PID:764
                                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.6.1618339925\1216412294" -childID 5 -isForBrowser -prefsHandle 5404 -prefMapHandle 5412 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d8c2bd7-b23a-45d0-8040-fda2d5759555} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5364 18d870c5858 tab
                                                                                        3⤵
                                                                                          PID:3520
                                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.7.409273395\1101180882" -childID 6 -isForBrowser -prefsHandle 5764 -prefMapHandle 2940 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc9ec7c8-4286-457d-81a6-ceb9b232b7ef} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5972 18d88d1f858 tab
                                                                                          3⤵
                                                                                            PID:1636
                                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.8.1578528333\1121416091" -childID 7 -isForBrowser -prefsHandle 5112 -prefMapHandle 5088 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3e95684-6e96-401c-bec1-b7e7cb48abae} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5140 18d89858258 tab
                                                                                            3⤵
                                                                                              PID:1760
                                                                                            • C:\Users\Admin\Downloads\DiscordSetup.exe
                                                                                              "C:\Users\Admin\Downloads\DiscordSetup.exe"
                                                                                              3⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:2456
                                                                                              • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                                                "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
                                                                                                4⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                PID:4504
                                                                                                • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
                                                                                                  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --squirrel-install 1.0.9148
                                                                                                  5⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • Checks processor information in registry
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:4692
                                                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
                                                                                                    C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9148 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x530,0x534,0x538,0x528,0x53c,0x7ff7d2d33108,0x7ff7d2d33114,0x7ff7d2d33120
                                                                                                    6⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    PID:2956
                                                                                                  • C:\Users\Admin\AppData\Local\Discord\Update.exe
                                                                                                    C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
                                                                                                    6⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1664
                                                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2128 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
                                                                                                    6⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    PID:5192
                                                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2268 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
                                                                                                    6⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    PID:5208
                                                                                                  • C:\Windows\System32\reg.exe
                                                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
                                                                                                    6⤵
                                                                                                    • Adds Run key to start application
                                                                                                    • Modifies registry key
                                                                                                    PID:5580
                                                                                                  • C:\Windows\System32\reg.exe
                                                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
                                                                                                    6⤵
                                                                                                    • Modifies registry class
                                                                                                    • Modifies registry key
                                                                                                    PID:5620
                                                                                                  • C:\Windows\System32\reg.exe
                                                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
                                                                                                    6⤵
                                                                                                    • Modifies registry class
                                                                                                    • Modifies registry key
                                                                                                    PID:5664
                                                                                                  • C:\Windows\System32\reg.exe
                                                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\",-1" /f
                                                                                                    6⤵
                                                                                                    • Modifies registry class
                                                                                                    • Modifies registry key
                                                                                                    PID:5708
                                                                                                  • C:\Windows\System32\reg.exe
                                                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\" --url -- \"%1\"" /f
                                                                                                    6⤵
                                                                                                    • Modifies registry class
                                                                                                    • Modifies registry key
                                                                                                    PID:5752

                                                                                        Network

                                                                                              MITRE ATT&CK Enterprise v15

                                                                                              Downloads

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\app.ico

                                                                                                Filesize

                                                                                                278KB

                                                                                                MD5

                                                                                                084f9bc0136f779f82bea88b5c38a358

                                                                                                SHA1

                                                                                                64f210b7888e5474c3aabcb602d895d58929b451

                                                                                                SHA256

                                                                                                dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

                                                                                                SHA512

                                                                                                65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\chrome_100_percent.pak

                                                                                                Filesize

                                                                                                163KB

                                                                                                MD5

                                                                                                4fc6564b727baa5fecf6bf3f6116cc64

                                                                                                SHA1

                                                                                                6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

                                                                                                SHA256

                                                                                                b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

                                                                                                SHA512

                                                                                                fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\chrome_200_percent.pak

                                                                                                Filesize

                                                                                                222KB

                                                                                                MD5

                                                                                                47668ac5038e68a565e0a9243df3c9e5

                                                                                                SHA1

                                                                                                38408f73501162d96757a72c63e41e78541c8e8e

                                                                                                SHA256

                                                                                                fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

                                                                                                SHA512

                                                                                                5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\ffmpeg.dll

                                                                                                Filesize

                                                                                                4.0MB

                                                                                                MD5

                                                                                                3c3f780ec6dddfc5803d19dcf0b4a0c1

                                                                                                SHA1

                                                                                                e27813b9c36539d67daba118a58038ba751c2ee5

                                                                                                SHA256

                                                                                                f51ba46aa90587df7294c216d3e0d45f5cbf3a062b04971d96d87647556fa02c

                                                                                                SHA512

                                                                                                332aa9bff4db2458b7a1742f732e501dec165236b87a062a9fef4b09b734d901d13966b18d5fbe7461b50990585a240fd8b2593def254a7d03e92269f40b8ccc

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\icudtl.dat

                                                                                                Filesize

                                                                                                10.2MB

                                                                                                MD5

                                                                                                e0f1ad85c0933ecce2e003a2c59ae726

                                                                                                SHA1

                                                                                                a8539fc5a233558edfa264a34f7af6187c3f0d4f

                                                                                                SHA256

                                                                                                f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

                                                                                                SHA512

                                                                                                714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\locales\en-US.pak

                                                                                                Filesize

                                                                                                428KB

                                                                                                MD5

                                                                                                809b600d2ee9e32b0b9b586a74683e39

                                                                                                SHA1

                                                                                                99d670c66d1f4d17a636f6d4edc54ad82f551e53

                                                                                                SHA256

                                                                                                0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

                                                                                                SHA512

                                                                                                9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\resources.pak

                                                                                                Filesize

                                                                                                5.1MB

                                                                                                MD5

                                                                                                e9056386a2b4edac9f0ffa829bc0cfa0

                                                                                                SHA1

                                                                                                f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e

                                                                                                SHA256

                                                                                                546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c

                                                                                                SHA512

                                                                                                c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\resources\app.asar

                                                                                                Filesize

                                                                                                6.3MB

                                                                                                MD5

                                                                                                91a273dc1d39acad8781fecd5f57933d

                                                                                                SHA1

                                                                                                918ae121eafdae53fa029f1aece4e7dfce752112

                                                                                                SHA256

                                                                                                f819a0553fe7e04e331119cfcd6ed399a05865ff05f0434d0b2e5ef660bef2d2

                                                                                                SHA512

                                                                                                b406f7f686b56014c198e3df8d80f104cbacb3593ecd21c35003e6820b53092f7269f35d3045b7de9ea370ae258efb0d30639a494af1b59eea3f6563cbb83ef4

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\resources\build_info.json

                                                                                                Filesize

                                                                                                83B

                                                                                                MD5

                                                                                                5a3e7b67737956e1e0e985788775062d

                                                                                                SHA1

                                                                                                b861613a795f268ead8b990a85fda1bb3ba74a01

                                                                                                SHA256

                                                                                                3d3f8ef59d1323705154516e73d62fa0781b19315372ac2332a82029acced2a4

                                                                                                SHA512

                                                                                                86a45e9023b3f82d0f781e64de06d969ef427052063f3e8bf8cb508dc771299af10bcdff6a596e06094a7ad64805c04d3331e98b4d602556b5643f7c5c7546ec

                                                                                              • C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\v8_context_snapshot.bin

                                                                                                Filesize

                                                                                                627KB

                                                                                                MD5

                                                                                                1e4da0bc6404552f9a80ccde89fdef2b

                                                                                                SHA1

                                                                                                838481b9e4f1d694c948c0082e9697a5ed443ee2

                                                                                                SHA256

                                                                                                2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

                                                                                                SHA512

                                                                                                054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                Filesize

                                                                                                152B

                                                                                                MD5

                                                                                                0d84d1490aa9f725b68407eab8f0030e

                                                                                                SHA1

                                                                                                83964574467b7422e160af34ef024d1821d6d1c3

                                                                                                SHA256

                                                                                                40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

                                                                                                SHA512

                                                                                                f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                Filesize

                                                                                                152B

                                                                                                MD5

                                                                                                0c705388d79c00418e5c1751159353e3

                                                                                                SHA1

                                                                                                aaeafebce5483626ef82813d286511c1f353f861

                                                                                                SHA256

                                                                                                697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

                                                                                                SHA512

                                                                                                c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                                Filesize

                                                                                                62KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                                Filesize

                                                                                                69KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                                                Filesize

                                                                                                41KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                                Filesize

                                                                                                19KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                                                Filesize

                                                                                                65KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                                                Filesize

                                                                                                88KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                                                Filesize

                                                                                                1.2MB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

                                                                                                Filesize

                                                                                                512KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                Filesize

                                                                                                3KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                Filesize

                                                                                                3KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                Filesize

                                                                                                754B


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                Filesize

                                                                                                8KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                5KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                10KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                6KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                11KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                6KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                Filesize

                                                                                                4KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                Filesize

                                                                                                4KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                Filesize

                                                                                                4KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                Filesize

                                                                                                4KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a6ab.TMP

                                                                                                Filesize

                                                                                                538B


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                Filesize

                                                                                                16B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                Filesize

                                                                                                16B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                Filesize

                                                                                                11KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                Filesize

                                                                                                12KB

                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp

                                                                                                Filesize

                                                                                                29KB

                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\11272

                                                                                                Filesize

                                                                                                16KB

                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

                                                                                                Filesize

                                                                                                13KB

                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

                                                                                                Filesize

                                                                                                9KB

                                                                                              • C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

                                                                                                Filesize

                                                                                                81B

                                                                                              • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

                                                                                                Filesize

                                                                                                1.5MB

                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                                                Filesize

                                                                                                442KB

                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                                                Filesize

                                                                                                8.0MB

                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                                                Filesize

                                                                                                2B

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                                                                                                Filesize

                                                                                                997KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                                                                                                Filesize

                                                                                                116B

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                                                                                                Filesize

                                                                                                479B

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                                                                                                Filesize

                                                                                                372B

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                                                                                                Filesize

                                                                                                11.8MB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                                                                                                Filesize

                                                                                                1KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                                                                                                Filesize

                                                                                                1KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

                                                                                                Filesize

                                                                                                8KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

                                                                                                Filesize

                                                                                                7KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

                                                                                                Filesize

                                                                                                6KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                Filesize

                                                                                                3KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                Filesize

                                                                                                3KB

                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                Filesize

                                                                                                9KB

                                                                                              • C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001

                                                                                                Filesize

                                                                                                41B

                                                                                              • C:\Users\Admin\Downloads\DiscordSetup.XNxET0lq.exe.part

                                                                                                Filesize

                                                                                                9KB

                                                                                              • C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier

                                                                                                Filesize

                                                                                                147B

                                                                                              • memory/1664-1506-0x0000000005460000-0x0000000005480000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                              • memory/4504-1465-0x00000000125F0000-0x0000000012628000-memory.dmp

                                                                                                Filesize

                                                                                                224KB

                                                                                              • memory/4504-1272-0x0000000000800000-0x0000000000976000-memory.dmp

                                                                                                Filesize

                                                                                                1.5MB

                                                                                              • memory/4504-1464-0x0000000012570000-0x0000000012578000-memory.dmp

                                                                                                Filesize

                                                                                                32KB

                                                                                              • memory/4504-1466-0x00000000125D0000-0x00000000125DE000-memory.dmp

                                                                                                Filesize

                                                                                                56KB