f25d1b02719d3b59bd9c5100e9e124975b0bfe42e4d503f7b1a97e5f930610a1

Analysis

max time kernel
288s
max time network
292s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
01/08/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlagueRust
Size

310KB
MD5

230cf76fa4af0e2525b9da9a1e91c723
SHA1

95e6db0cbfc7e01f7d1ee6f738a3d9550cfd9bd9
SHA256

f25d1b02719d3b59bd9c5100e9e124975b0bfe42e4d503f7b1a97e5f930610a1
SHA512

103bf4544292e3293526c0e0508abb32cd356f5454bc9c618b09044a7c6434086f3be46d1d1a5e9794a0b5c426935fb0f83c946b460f7865ccbe4dab55c17b0d
SSDEEP

6144:wAKomy3uokeOvHS1d1+sNs8wbiWQd90vZJT3CqbMrhryf65NRPaCieMjAkvCJv11:+omy3uokeOvHS1d1+sNs8wbiWQd90vZi

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670184131125011"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1872973762-1326452598-87257502-1000\{B1294EF1-C221-4892-BED3-5F8EDD86562E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PlagueRust-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1424	vlc.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1212	chrome.exe
1212	chrome.exe
3652	msedge.exe
3652	msedge.exe
4944	msedge.exe
4944	msedge.exe
1912	identity_helper.exe
1912	identity_helper.exe
1128	msedge.exe
1128	msedge.exe
2828	msedge.exe
2828	msedge.exe
3008	msedge.exe
3008	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1424	vlc.exe
2320	OpenWith.exe
5680	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe
Token: SeShutdownPrivilege	1212	chrome.exe
Token: SeCreatePagefilePrivilege	1212	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
1424	vlc.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
2320	OpenWith.exe
1220	firefox.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5680	OpenWith.exe
5884	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 2084	1212	chrome.exe	85
PID 1212 wrote to memory of 2084	1212	chrome.exe	85
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1144	1212	chrome.exe	86
PID 1212 wrote to memory of 1540	1212	chrome.exe	87
PID 1212 wrote to memory of 1540	1212	chrome.exe	87
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88
PID 1212 wrote to memory of 1476	1212	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\PlagueRust
1⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9097fcc40,0x7ff9097fcc4c,0x7ff9097fcc58
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3088,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4272,i,16957869129159489708,18337899294851329643,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:3436

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3556

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff923443cb8,0x7ff923443cc8,0x7ff923443cd8
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,18358145400563229280,11952070071354262551,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1576

C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe
"C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe"
1⤵
PID:1972

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\TEST.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
PID:2904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2320
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\classes\math\Math.cpp"
  2⤵
  PID:2868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\classes\math\Math.cpp
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:1220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c0ea5f6-9677-4230-87b4-ebbd66213ac5} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" gpu
      4⤵
      PID:4128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cd07c18-67ff-450d-9fae-841b64a434ce} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" socket
      4⤵
      Checks processor information in registry
      PID:1932
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1444 -childID 1 -isForBrowser -prefsHandle 1340 -prefMapHandle 2948 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbb2da53-2ee0-44f6-bbc9-607c48a7b9d8} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab
      4⤵
      PID:1872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3724 -childID 2 -isForBrowser -prefsHandle 1440 -prefMapHandle 3412 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5f43174-0aa3-4a4e-8196-c990cb3a8133} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab
      4⤵
      PID:1444
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4268 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4260 -prefMapHandle 4256 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0a723dc-a8fb-4a59-9ac3-8fc8a249e306} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" utility
      4⤵
      Checks processor information in registry
      PID:5208
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5292 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35b52663-8d8f-4b82-b066-9b47deb5888e} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab
      4⤵
      PID:5632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5268 -prefMapHandle 5284 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50a120c7-10b3-4dde-a080-7f47faa48bd8} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab
      4⤵
      PID:5144
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5724 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa356d21-cff2-49ec-ac23-6512b316a304} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" tab
      4⤵
      PID:5228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5680
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\authgg.cpp"
  2⤵
  PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\authgg.cpp
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:5884
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e75f1e09-8fe5-4073-ab50-feec917a20d4} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" gpu
      4⤵
      PID:4512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de323640-de35-4bc0-968a-889c13e4bf42} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" socket
      4⤵
      Checks processor information in registry
      PID:5980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2796 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2271168d-3e60-4b35-abe8-9835d47ed992} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" tab
      4⤵
      PID:5844
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 2 -isForBrowser -prefsHandle 3308 -prefMapHandle 3448 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d7a8087-e70a-49ca-91d6-e47c2bb04cdf} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" tab
      4⤵
      PID:5824
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4700 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 3812 -prefsLen 29142 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41439091-34de-48f8-9988-e6c9a3ab678d} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" utility
      4⤵
      Checks processor information in registry
      PID:5636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 5224 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce39f619-6fa4-411d-a6d9-d618b9e7e63b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" tab
      4⤵
      PID:5128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c70de01-047a-4043-9ef1-c9e9b4696713} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" tab
      4⤵
      PID:5872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 5 -isForBrowser -prefsHandle 5552 -prefMapHandle 5496 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee3715b9-39d3-44c5-b1da-abfff86a87b9} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" tab
      4⤵
      PID:2980

C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe
"C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe"
1⤵
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6723311ae2cf5f1c_0

Filesize
280B

MD5
8ee5a95b175b87dae506a8f6d46a919c

SHA1
3b5aaef20afa5ef77f7307158fcba62c293384cd

SHA256
e7570281c0063e6ab265bb786a8883ebf24bd6b5f9e478e477c5a29c15af8256

SHA512
c5785b029a9db2e6712716e0c2bfdd610c28e4510cde5c3482fcdecc14dba809b56eab9b9c9ecd2f2468ea6b8d42e4154ec188ea71f360c28eaa1d781fbc598d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a48f3e5e7f57969f_0

Filesize
19KB

MD5
a01f3903426dbb16cf3765fa789f3acb

SHA1
0c1d1387a7b26353c977aa4d607527f3d78844db

SHA256
448fde91b774b17df2d2e3b26ac4388ab6f0ae39cc0ea8545f7cc0403daddbc9

SHA512
84e427d70f9e2943f064739cb560a585f8d7a7499eb6312dfc4271d7fb04f4c0082db6d9cefa3432e9ee97823b95f749b8616dc9b1804f5386e4f4f2c4dbd3a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
9f4fb3c24866c676815d1bbc0920aed2

SHA1
a9aa855968439d138763df8ba5f85de787f1dbcb

SHA256
0f59881122b445da90a7b1f652c9df751c3037df07e9632df4588b479c216d14

SHA512
5cdd8a4243e753736498bc880a2b604b75ede86954234c787c6755f868be2ee0e4cb04cf87c7629dfcd7c7aecc33b0155f8592d3dba2e84012559f9ae7356fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
16b64063548cea35c76bf56f04d2808f

SHA1
e792e40fa6141388d9d442e99aea67817983f4a6

SHA256
894884e41d14a96b830acb6965d405102e4356a71780b25175078dd9f4a48e27

SHA512
66a2ae9177b878be3650f4ba54e74e30efeef29a6f69a840203e2d825aabc2bfc18c6e5185da73b4956fb221994a74255475d5fa145de723eb90613faf53912d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aa1e1de89e630a450b4e056cbd23d63d

SHA1
1364a4ad7a1b3d1896d354395cb4c582ff62aa32

SHA256
2eeaa7d126b23df52995d717477c6292af509e57ae6dba05b9402e3112eae3a2

SHA512
772128f54d9cabac28006f35317ccd2b351eebb0192857bcaa5b6e42c0c7718bc5dbb43fb297c9dbfe6304326607f5a807a73b60601c0e3440a12de9622046e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7d7b48561f742dd68d729d4897ceef7e

SHA1
0465e149bb6af4124a01a2b96b28d09da588f7ed

SHA256
41f414ef807f28f3094df57d24154e63926d032e76be400543d812f31c291a2f

SHA512
16f0b240d1930ee5b9249f44e480d596e8ad0b7f5de72f509ef9dc67e7be660e080c8ed96f82ee4bc268b63e95f6db0f04322cf7b676ba2f564adf24b39e04c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f18357a8cebb88c44771ccd8b54a3622

SHA1
26844a75763d742e21b240d20fbb4543cc9f54da

SHA256
f4b4e2dace374a1316ef84948baadade15db75f12d1241ad35205911c6b5e9f2

SHA512
c0b5c9f0bf96d143e435bfa36f661874ae976d0f5f656b0ef96d5a32e96c39fb1f0a47fd7160968625a19e3f173feb4c11ae358e6660d1c7b69adb312cd751fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0327124d3beed10b745c0f6c8fb9b110

SHA1
cb95faeda023fcfdd08f53631f94478fbe6263b6

SHA256
52020de6a47ecedabc9f10ceefac2e22c49f2061848b59ff20675af6b862ad36

SHA512
11e9946af5100e33ce3592759fe1ec877c0030a420dd1a38f50dc1ecea2b915abd4fb1cc45838bf3c9410ee08a215d72eeac1e98cba6088ae7f17536e1afd2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f62f2bde5bced366618d6b026b4529c2

SHA1
320e32900fe80ab706cd7f774698371c69859e49

SHA256
a6b70989a460970dd9ead3f658bef83230b36adfac60e6e1220e72b24d575b56

SHA512
a8474209436304ce6cbcec281817fbf7bffe424864a3c9a3d51a3b0760755fdcf3674a95cd8ade1e5ece78c96204daca3f0e12a1b79e0e2485a15ca9443e9f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25b25f12735aaff26981c524ec58ffc6

SHA1
ea5d82b108f766659e944132704c4ae60421d278

SHA256
0e2efa7fce2dcfe521639ebbf5e0ee9d32ad5112d5e5cd27a1a70c75f1d989f1

SHA512
5c8ebd94b952112bedc5a8a9f9d38e7c93624cb93b8217e0e49b38d405707956757b7382f683829c8a967bbcd68f8fc272c8dd1a7bcfbe248a617d8441f11822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e62a27457f8a0e1e6abc260ea415ec7

SHA1
ad9fabf3fb3264b7f220e5972045c063a877463f

SHA256
6c33c7b2124bd1f9153f8c66a6a53990d9a961e4cdc2d978715c648c649cd31c

SHA512
bc9bdfa2086e258860442bf5add89b6944fd564d58b20bcc2ef02d491b80de7412199c6292c5c481e299916f0963473166098a6fad75407b79748481d064fc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39ee6a13c2a4b0742ca16c00976f9d46

SHA1
308f2dc43e8bb6eb336ae25f2f61d44d869c9dfd

SHA256
51e3f4447c1de56355ddd80fef16d91ca15c7d8283ae7a871cf249dbeba5ac28

SHA512
9a9eafb0650fe4c9b0740c3286901e71be1a66b0607e10b5953679e597ffbb64338db6d9dc21ee91f9f448d5e7777ba2be50e584af9c2e1837314d852c512274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27f10e5875cb3b2df547b4d7716ea7f5

SHA1
18aa23ccaf6249e34154297d73b318ba36d8d8ee

SHA256
c6c087ba2e1f893a5d1dcdf838934138376dd28cd1502b7028c9edd298658493

SHA512
569dd63aa76851289c5df64aa7f941545f92890beef0978a719a5e3aaa837d1bccf5a7c57119ff60e232d6150536eb7523d9cfecf0f7f74ec257578fae6685fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
823ac3ee062588fa38b33b2c9880691a

SHA1
99a27c650e58d64b7d88983ee8c860f300ca08b6

SHA256
9f40d237865d9dce316e28f9dbb676aee3d6c940b10b0f8f44eec58cc78e4d2d

SHA512
73cb377d097d1161b9dce266ac61561b8e1a68d482a1aa79a9061b4f7c9fb86c27f7fe0b93a6baf68571f7d8d914fdc4b9105e6ce736e152ab35c2599843bef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5c4668304b1a46998b8b337d438c6150

SHA1
103da24be0ad5057bffedc2a0d1b2464f61861cb

SHA256
520ce05c409ee321a394761598188a1a382f6a3270cc8589ec14e2c9a040c6ba

SHA512
1a0a7bc107d12771c12a67d5aecef3e0c3c3462ef3ce1485e267b19ce90816d6ab1a2a744c87fb9435bc3e82ef96e6601401e80e50c81cc9f656b7071c338079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
efa56964c1f8ee338b192fb58ea7bc0a

SHA1
98e9744efe80029272cc45f493d304bc9d2b3e9c

SHA256
87027283691908d07288d07ed739aa09c30b9da45713dc51643c94a36a096806

SHA512
0eda8ccae9fb55c4f3841c09451ac311a158fd6abdfb9e16b3a29357cb1465c8a859142a6d2271b147f775dcb8a9d978e7375c20650d4048ef15a700e13f4038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
82a023b039ecc16eb67b263b7a294ff7

SHA1
bd7b05bd87208566e2f196083b17558d7da7c0b7

SHA256
5eac78128a4fd96129c8116c1f3063e39b1efada19092321b55cdabe76c9f10e

SHA512
6d65c7907b45032f2cff8f89249bd4957a473a44c3c49c0054f067e63834d935d014135a13984d69608da6a0db859a3a18c26f1b56c6aececd2e8b17b0af7c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
7b02a0f0e4c665800c6e791cd4e07843

SHA1
d0e202016c593af35f34ca0439c17048b4a82281

SHA256
10f335629140a512ed46772195f1a794b7cab09cebabda782575d0f70de5735d

SHA512
92bd58c4d4c3ab6a5c1114a0fb5a6814d8cbcad90d95ce498f83e53540aaae9d092552d270c156da793b1da8673c705a4db6427b62a7183fb70a87cbf7aa418c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
34cca2a29df139a4a597f6f9bd0d8a89

SHA1
ea4345f92f6ac835a082baea72ef3388c2f711ea

SHA256
8f2721a0f9e2d8fcdfbf2d361c794bc420e847d90ce5b8bdffabd6e66760b5d8

SHA512
2076d02186e84462879c40ffdea793a7bbb5c7db87a2a621cef77def87a4ff7ac557cb60857e2986e4eba4032cc68eae626fabce5165df198d4f37708f1766f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2fe856e51c83a7fa7e350db6162f98e5

SHA1
9ce3fa1b106ce143c642617176a2d004bd227f72

SHA256
69519d25314a7237afacf1d82dfd97364359d74ee1a31bbf10190d099d094fd4

SHA512
3c11ffbf3a012cc514341ba4d2dfb756f042de6be600ca931a153370156b130468aa88aff54588add5119edba651fcdc2dc04b5762e285085a3590a50f2bb295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cccdb04720e1632b3ababce0c0954ddc

SHA1
627fb15e39972f5339ba623ccf2aacf616adcc12

SHA256
4aaa61366719d6428b64217960e4c31bb925799dd75288307cd306a4ec833a0e

SHA512
4af29420d1bddd88a5fcfca9ef860d2cd1f97b9bf295c16b522a33d2580f264b35b3a373a1627a1f3be80044162c8580f54efae2e55befce3de8915c916b5bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e15960b37c05dc7b54098cd898fe5a4d

SHA1
2c7923730ff68a25d23f8e56c3e5b8e62d2a1de2

SHA256
a3dd370b2b481e239fa13c330f274b7d279573b77ffb813ba68a4961b36d6cb6

SHA512
7e0016a20ed5935f0b0ec2722617661b2486cfde8a9f0901c5f01b23a1545f8637149e5086281f02d834a6be112cbc8eae4af86639f7c1e1c9e2bc34cdb6f979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a9caf082ab8e70ce1c73f379971f8f76

SHA1
46b80020e278c9021394d99a452589ed36c20432

SHA256
6f68f4ecd8887f60dc8ed8b9d8d1a4e9637521f2c9cab6584e23e8368448ccfd

SHA512
4317193dbbae94383059bb53493ae05bf0a61d7bb4c28caff3e19ecafcd3a6b9aa71be4aac978b81f5104e4ce9f460847b0a6f68e5c32040f2bd7c0bfe0bb2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8a184e922968499ff97495dc454ff03a

SHA1
3a2a85ecfb05aa625b2fea56bccf94eb1bfc6692

SHA256
c9bb024c68e8a51735e080cff0a4c33f28e84527b467857a2a2109359a945620

SHA512
0491cfd5d0ec163720ef46c3cb6c4764d35c608c68b06c1ef1ffd782983dc9a74be957d14b16c67ac8d5d9824621da81da08d6cc91611975a55b5c3ce9d19873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ff50a20074ce7105f2ef2de7f5150ad2

SHA1
ba199d94044d1cdb94c58b299fa41194936b58c1

SHA256
525f2e1f70063eb9fd9d4d812f92e6afa4b4b37dd30f12c003dcb7b8bd7a340e

SHA512
e0f1e1bff4306497cc6677a0851b0345d4f1246bd3705024b206a4f05c1c67249045b726868fc45c460e1e58093c700548cbfbf7e45d63be2b5690df00a19422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76de9a80c428eee4726517a31d061a83

SHA1
1719f191ec432fbab8dc900e257a72448eb68aee

SHA256
91dcab8b3d37ca14f0b06063e7f050c11784e2ad1334ef4c28bd0f8ec339da23

SHA512
f6cb772a5c628e26c33a95f41b545b446e0605fc8ae625e56edfd06efcb618e06504d05ad2d0d092b28b1fb3c57e0192c1edd86675ff07af333675c827293a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9efa7d4b7d8179c00a8dc1ef5812d69f

SHA1
dfd787a8908c87d74d700768c5d979f26803371c

SHA256
84e31c40084d67d47b3e34f6b6adb8cf8327e7793be6bb92fc0e214a4f99b84b

SHA512
eafb23a5e9fffce6061705210af14864789b0083662567d9627319e22b7f8c5ebdd4137f1a219f55bcdd3d29a46a894618a0de817f627588f39eb518aca9bf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1de91b04330ee1f59aac1caecb73e16a

SHA1
937fe1547520b1cec2692872065a725845110d72

SHA256
f0d54599c1b25f1efcbe342ba3531dec5c31feebad2ab4352fbb155a7057e723

SHA512
487601ed560048782fd2d1376a512e2d54a9d8db1a53a60bb3212a5f24a89994658ee712d55b1ceef5db7eb0a9030e93e33aaf3faee363cb720222db0ee5d7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
187e5ed19a342fd88a931c3f45866e91

SHA1
2eb426d20015f67d9fc674417e226f79f87233ce

SHA256
d1dc11a6288d334af486d740810afdc2b2ac5f33a64d631bd01250da24c03614

SHA512
423bc7e1e9ebd2473a950d4e187f214d47dfe951390f70373952760814d0d5bc55d7adbbcff17779bb3a9ae1498f81d57208526e0be69b3d89e57e6140d89709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54b1d753f346632efc392ec78d209f42

SHA1
c608a1ea9140580767f42ca74357020f43e09bb2

SHA256
420c1414a381e66899df8e7d3c422df613e6d43760efe2b51500c2c8e14f900c

SHA512
bca427798adecca7bf5c377968f16c7e78fc28e921b4cc0f70cd392b21193084f249184081211c6f9f3ccbe21df41c7653b958c7a7f77976b325ab5b91556bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
659a09e8cb78c042d86dc3225846f8bf

SHA1
f0184cf2d89a42024b9645e759dc6fe5f0906f15

SHA256
e2cad234563b559683879c1edb0cc4add577c98e418e0c9f05d49bf76de75806

SHA512
21849971a61a11c61b9e42536a850c4c78b1d7e9d434531daa98f7abfe77e4134ba1a089513ef8fd1945592c436ac43e11412d75ff7ef5f542bf5d49c9ac2aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ff0f9f6b9d89ff68b99334dca40489f

SHA1
5bb7045cd6e6b2d1e010a66042700f72eb176c60

SHA256
f3a180c3fee7c295c22e75574435356bd5ed29d10e1312e3f862e5212324de29

SHA512
6b57338071a873699cf415388da5fca8393e23cf9931b4243372961102699cb60985c16382e2fa3474a63319bdccbc9307770eceabfd5f9157d5e9e2a78d93af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a1733.TMP

Filesize
1KB

MD5
7d4ba41800544c55cf2a9d94ba52b6f0

SHA1
b2fe0e3b25cff5cd0d08e1d3b6254e24d6166925

SHA256
fa8bc5c046ee6224c0c3e472c21c536cd5b0a8fa719026a7d035189d93bf7b5f

SHA512
80090f145277de11c67b98f7860973255c6332fe09e4eb1d8842ece640b77ab99ecf3e779bc1b81f89485df801be5ae0629edb9124485dfcf99f22822ec8e404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fd2f0de86382ec20a0f8abedfac7e56

SHA1
537f5a4a7c7eccd446ff40f6d6d1185a623145ad

SHA256
021f42cb07b3f84d6b0e541e5e5284e72d2f4a2900549a1772f9d3bf21c24fbf

SHA512
b8d7cbb01d7b65792132378f8547664fcda1cac54af64923bcdd5d6a0df566f6b8fa8a9e3ddcef1457b86ffe5232540d21720b3c6afa07d0315979a0166873e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28ffc2df937106f93b64f6b7d0785e96

SHA1
5f76a1abeefc7394613c2d9244b204a070ec0af6

SHA256
e1ca741727e768b27d46a158618cc0ee6b5cce6cf5f68a36b9f71c496d982d39

SHA512
0b963c90fa1e9df6ff71f9f3d354064e3e48bb62b728b6193085c851a2329f9335717098f9288c958a10c3d3c4a588eee2e9de4af0b43c2086b8051123dcf203

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\activity-stream.discovery_stream.json

Filesize
20KB

MD5
04054f00ba85c8e15678923ab1dbd02f

SHA1
408325d5bf7b21268ce27a5e49035151d40aa148

SHA256
3fdcfd8e1d2a7c659a5f2d6efd87ab0518d95943d60b227d5fc5154092ec3d26

SHA512
53646274a35bf831eb216823c61455da5cdee3d1ec124db858eec6907a98d5c8872e1733e9ebc5fe2f4baa54069bf7a9e96fe5c11eab776e0ce4c16e95eec06c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
b7b2a534f8ba8339e2afbdf75fed2df5

SHA1
e27bb2ee2764e4c5ab80a48dcf23963a304d9f64

SHA256
44a21d8b0e8c5d3c6e36bd7e6ce81261ec07643b1c4cd2815dce31301bdcff88

SHA512
b1bf7cac88118d5e7ff439c9d4dcf2bf3bc3e209c0918f6d0a054773084b42744b3a66a9701bd1805de4834d8b4c693b9ec66c0e38922090055fa1bd9e495855

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
6a8e20b81c44fe688e07b0e644ac4a03

SHA1
ff9a8901ce405f27f087c66d6e616bfb44dc78d2

SHA256
8d1488705ca9554534a9a47c27e4232145cce7e6c3b8e293504e002e7a5b1e51

SHA512
bf709799ad3b68ddf6504316850e6c2d140cf189ad6c7809340f79ffe7885fca7759d51e071aefac7d050b9fd8d391593a9462b90489514419df766ccfeeb8cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
2df33650ed6554f60c2a7b604af41ee6

SHA1
5cd2cac0c00f8695bdb82c8cffefb38ddda96130

SHA256
6b55b505b7cf37681393223906bfedbeaef76cce54c982de9661f1f6e59719b5

SHA512
2d8d81f6df909a4b54677b75a6c218e1cd8b441846559fb819e1de0294d5d96ef0e8a32181d5a9050afb9109fce6d95c4a9f0431c509f375dae7fdeb2d46c2e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
d8b2c5f65023f8a849b2ddf74224bf6c

SHA1
61e36dcf1969b84366f4f0d593a3df16d81d4651

SHA256
9ba4a8bcdbc0c99f6bfded8eb5ee8b3aa4079d24e00c309044d53095355c6a79

SHA512
cfb2fd2629cc5a1a78a88d2b1221800b7f2c8c915b3ac9df84a30b5cad0e9d51c30dedada071db01016fde0e9afe89ef3494dd1d3825654d75af3f5d78a25193

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
4749a5e9e430e6f56e38cc488aba50e9

SHA1
1812d38efec74342d93aae5f73ebd8115b2981c7

SHA256
1d810fd340a20cffb85a86986d75ff0dab5a7b46a9ce3d9235971f7565618632

SHA512
026b01b0358983976160346deb342bc54612c0a3e242045cfcb4dbc8486860e8bf0fd9cf5e927da514d88409289008430cf3bac0e8f686ec17b133df5a19b2de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
8e2d2681f63f499c002daa9c1d308b00

SHA1
3479349bead123f049c6d6d30c55e9e191fa74b4

SHA256
5a243345dad07619b0c47cdc00befb438789710e36eb69acbe25540361075fe2

SHA512
8815d2006fce5ae587de348b10d6e2436fa78e033f240516f08d974605785d30e2965f9b2135689b7d7da70d011db442530f28dae7c697f779b4e761945d9890

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
b590ea4d32a90712d4dc00affcceab9c

SHA1
433e313426932eeefff3ccde73af15343f718dfb

SHA256
6c5e19bf9b331d7155c6b81cde126f762def7feff01d01e5bd0fec9f77c744dc

SHA512
96031db41275e79448df8ced6cf5f1109e08cf80bd4655b4b8f4010fdcc5bc9ed66ddcb57967183144d04415472a9018916c1a16805dc42a8d94c41883cf7ed6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t10v9lxo.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
b6dd61c92e232f544aa3a0c21ef193ba

SHA1
bf7f4e1700fee29d3a139ca50dca3efe9ab54958

SHA256
7f56d6ec920fb4a236144e7882e4d8ae612384d2d8f2805769806a8100843c96

SHA512
86dab9bd3c6adb1985098ec16b572098cdd148e13e2c94868cdf37803b22e6b15ce2ba091fdd7c4c7b2e0ff621b203a7f08fd88d7124727eed142f6ad9ef3f18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\AlternateServices.bin

Filesize
6KB

MD5
d70bebc3f5d417f7199f6c693fa17d76

SHA1
26453331a9adc4069322c8c569ee235b418d6ce3

SHA256
2b0b994bc60a62af12c65c9cbc91c872eeec18a5dd6b04e83f3b512c614f06f9

SHA512
120cd303969f1775a8b9024879c4009cd6b0b08ddc69382cba06747f16a38630b6e8235ed9e088da44531eadd8c191a1101b134e21207c5741efa15e5d17a66f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
50fea2836cf72c7e741cb0751eb71589

SHA1
3a8b03f285ac3c6f253c2cf9059b34c2f051c235

SHA256
56d9c379a43d244223c2c395ef12f938aca8ff3a2b04e0eb9b67d26fd41549e0

SHA512
805be2baa9425082f7616175c5c4a246342f79e720b1e2371948a0d2719ec9ff51c6b98d2040a2aa1c99cfc0502cbc64efd7fdbc85b487d40c08d4ecf0e41388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
6be92e3c1a7252e68cd7db509585f63c

SHA1
2492f6ee6d741cd54690a3e23004b7196a981279

SHA256
5377fd83de4b4f090cdd8b4edc3ea3ccbd865956470a65c3f026ba244200eaa4

SHA512
91eca75786efe785d522fd4b7c9e4b515880454ff29f07d56a03642d2a64672aa917cfdef8e850d9f2ae17f826d8bee8b7dbb687131fe4f44bfceb32adab80c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1205db1051f68ddd40497b6c564db2f1

SHA1
41246ef72efdadb831f6cd37d15f9988bd40cb4b

SHA256
a960eeb7a3167adb2f37c788dc5300a220c445606477b77af8ec84b8783d124a

SHA512
6c5ddad52d8c2ccc7432fb353ae3adfe2ccf60e22e18a59db8a5518a8ac8f0244fc9abcb59044d031958083876ee7325e6ac73b8a5c4cee0c83f2e5a07b8a5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1e591f534fbb14629082b3af367a8f1d

SHA1
9877e7c75c754060f626aec4b16278af9b161d43

SHA256
e6d3739b0d2e31d14b193df4a4d5fb3cc4143f154c4cd6394467c0ad4f7bb7de

SHA512
38f87d665cdc4a7898a769cbedc1e4af852ee7b2cc7c9b89412dbe9569bbad608ddcadca84dbae212ff8e36996ef763e800a9823711c8afecdd48db6fe1fc2f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a11ca11c4c6fda50164b3b824eb76f85

SHA1
dab4a25f5b005f9ec0925e837a117402b6c654fb

SHA256
04accef183ac081c5bd3965372aa795016f34fbaea42f03c6da9ba5d18b1748c

SHA512
bb0677e0e25927b46cd427e5c5a96a89ef92d143973c320ecbc0bf2c1044bf977d9ae30db1887e12c8930a4d5f970f4f214820564b8766bf0e972441f4f24762

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
cf5d08937e9874126f376d4bcf63d6d6

SHA1
ddf3f3bfeafdeeaae7e4dacd43d747a1bc6ebb66

SHA256
0195d06a9d73093dd4f38730ad5c55a21366481cb0990740fcf68a282fc8620b

SHA512
740f5a99734cd406fe83e76fe5738af0aa93552f09d818963e1c503ce9285a7653cff7b656addf9b36dd5f5dee890b56c6c062376495cce5b52245e8107c2d0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
d77de09b877c22759bb4a4be0c490f5b

SHA1
0d0dcd59787c58f4dcd4ffb64fd60e38b3bcd824

SHA256
a13c333e816d8cf0dd2c32981f8f5a1316d9253be41709ee52961dfad55243e5

SHA512
b6d99562120f8349c02f6f51aa547d733ef07113bd1690045eb8a8a94535ee8496ca870b4fde918cdd87d38a8d009263eb1998d727f396446ebc1cc481010ba7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
fc3d1937eb5f3e43ccabd655dc0f249c

SHA1
056087e9609c2a99daa4eb865daad42b017adb8b

SHA256
1d236a5d2dd355834944ce5a8ea55ddeccbe9a6044fc828e7313b0bcad793471

SHA512
6e670015263eec26d23df605f662e97eddc9341f045e175e238bd982322572862c755b6a2b93a46d037bbf4eb1c163cb45b40adc19a6e044c317bc37b6516555

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\pending_pings\13c9df7e-3d76-4bbb-a0f0-67cb494f7157

Filesize
905B

MD5
e4e3c28ac2aec1f654f1a05f1b4c3eb8

SHA1
2a05cef5ddf25f7ed23e614064cfc0d6934c536e

SHA256
3f7ec15067e3609563444c0c1496b3effc797b4d14887754bb496f83afcb6910

SHA512
52e36a67501c5646a4b0919c3f394058b0bb50f54f43a56ebfa7ad112637a0c3b064010ab273cfa1d2ca2ff818b8a06a546252aaf8445278f78b035fd8590ac6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\pending_pings\18dfa333-0ddb-49d4-aaa4-4c4f19325a38

Filesize
671B

MD5
adb5d62237402bb4cb41e84090648bef

SHA1
4e78dca0821996ab73186ebe7853b1a3f3776560

SHA256
f3a065fbc90a9b7ea38d014360adf0cce75164e147474141cc7c52bddd976d8f

SHA512
326d1821f324d5430d31299345cf3776e6f0e56570a6ab75b84865359f0f9b84c31b93838f172bc3b012ac9c4f91d75fb8a3bea1f5420a294d26a51e316331d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\pending_pings\54688edf-0c3e-4479-be63-e1c2059d91b3

Filesize
26KB

MD5
a0c502519ba42a2dfd803d7baab75679

SHA1
2901df0e8d4e78f1b7590583091fdc24023397e3

SHA256
b9f185a7abbf8a9dd5d4aee251a7fdfeb0723fdc1adb6bcff6b8aa7ee4567c97

SHA512
03d5bd0b4a83cb8a8a300bdf0a6e89522809a22f1f3abb362921bb915fbef917fdd18e814e5bbb5fe1851cd372173978f108c96c6fee4879d98deea7866cc272

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\pending_pings\80a53c5b-eb0b-4f44-a272-1f280d1433cd

Filesize
664B

MD5
b4455a4d14f27fca677122e09a48cc5a

SHA1
5e02d6d7e6a6607436fb9b1260acd21d5283d7be

SHA256
daa177adeb9dbb9e5621c21afeb8c5fc3334dbb04e0450a0590fa91b14022c3f

SHA512
1adb9ba1b2d804fc5dcdfd41203f474ba671b0d3ba2f2ca201c055ce0a9d08aa311036f59a84a1e4d975ff0427d910a81c761b9ec756f1b4924cc750170342e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\pending_pings\ea95c5f5-9174-4db7-b635-52bb4a7db1a8

Filesize
982B

MD5
3389a309abe22a98aab91bca29390335

SHA1
5729da7aefcad23759c74a4490ea1ac914259bf4

SHA256
534ce230588afeefa6da0f253c52713ba65cdbf42fc812b929ebd6fe38b8d704

SHA512
66681aac03084e16643fe1c289090efd04301bed72b476ffc323879dd767aaba7e7600f9447e6f9b8b78116dadcdc02f987d96eca1e05a43ac19f3ce0dcf121d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\datareporting\glean\pending_pings\ee25a13e-c857-44e8-ab2a-9e6a21efddea

Filesize
659B

MD5
68c0ba56d2c4bf58c8f796e2e2800caa

SHA1
5a2d52fdb617248cd57b1d738f3d3a6148a527db

SHA256
48a92b24417e1072479e22c74f28aeb3ef411a314195a5624864df118f7f3290

SHA512
1d420a26f508834026ca767fb7b9042ba5d96e6165c43ae2ae83dd9d7cc78e0983de514e8cc3c9dd936c8940b7039c10981e893b9ca0b01c67e93a2c0d5e5292

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\places.sqlite

Filesize
5.0MB

MD5
753e843a0c6bad9644f0e76421c8be37

SHA1
f8997c1b58206e892fe8b4052f1ec937332b0224

SHA256
e265e264b84bcb36335dafe0ee1e234a42a0523044641906d20978b17a1c3bbd

SHA512
8b5ea7f09950442dd770d2085d6a1e2e31fc951ad8ff932be9937d80ad83af875111b119746d87ca9c45b7a7d6735336e2faa9d45b9814278f05911cdc4068f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\places.sqlite-wal

Filesize
416KB

MD5
abff21aef49cc5a13f5801fb54d34c97

SHA1
886b281fd782789ab8b67f91c332f38465b70d78

SHA256
b74a5369a8e9c62b4e0c8bf619e4837867470f7e069923346dba5bcc3870dfc2

SHA512
de75660dae3df6f6221a9ed94b27b52f394f958647cf6b01b817adbb3443e89a172b4506e8b99447989be561131fe899042099dbaa4cfff95ef300f742555eff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\prefs-1.js

Filesize
11KB

MD5
9d5613906a9dd49394358d8184ee9fcf

SHA1
656ecac90de82fb272834fd48fa883190933a5c4

SHA256
500a4809b148cc858cc773c3b6f55dad24561d5cf1180c1e55d96dcb6b10ec81

SHA512
c649b2c862a9517a7c78b84a22198eb1f8047266f71af8eabebaa758c0c9dc20e7e956c10bf5ca02bd14491ed5f5a369be17c6d946ef69872dfc6b598a4f56e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\prefs-1.js

Filesize
11KB

MD5
69814b8e358364dc75a8a163cde0d901

SHA1
2791647480d8dc17289094e747d3011dd9359d6c

SHA256
7058c753f6cb206fd5e174c9f16412c5af19f224333074ba9f57afb58c421819

SHA512
c9f953ee75d41894d7ed3e546aea56daf8539890f79f538655c25daacf3291ef9431402ff5b460b63c5330188d19de225b620d3cabdcc66fccccd057e4446939

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\prefs.js

Filesize
10KB

MD5
5fef9ff5a4e2dd2004857e21b1472b79

SHA1
29b5e76ad6cf1abe5e1dfd229464806848daace5

SHA256
a36e9544ca8bdd119a35cba22b2a213a93e594f35ca0ce58d9cccdf2d29cdf31

SHA512
0cf169c050e68f48815d9461bd2c14aff3bd24f729a03059d4afdab68d2d7145a91c159490be88309ac0c79e91261b39d5eea7a59a698b52523243a635c8a8f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
18795c96c8e843325b349fc94524d087

SHA1
d883c3826bdcd2baa76d4f38dbfa7f39ea81d685

SHA256
5af1155c2241997a1c0486776b226d5785fa664b07c821cbd09931e522e3b74a

SHA512
172e948ea1a8733b471c8d1e1a81f7d4b21b429a204ca352d8c6206b2b8cd59d411f6493bab0802e316d15fa79fa876b882af87f1ce0cab014001dbaa2c4a17f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
2c5c6dd116f6911652eafcaf3681eac5

SHA1
5ef4a1d122dcfdd37654e0cd8de83b2b585042bf

SHA256
644cf8e849a7b79bd760c717d601fba4ce18604be46725ef14ec49479742b26b

SHA512
9943b8dc66059a1a84b7f176f46b0dea9ef6e7c0c35c8cb5f7f5e23f11f8ba41624885696ad75dc9c6f31785f644dd426f61082ec97602d416bd658e0f41cac6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
560KB

MD5
78deff542148c42c5757a4dd4e2bc084

SHA1
a8f0a3efce52be23fe42576d56ace9cda118787f

SHA256
992d19770cdfcb53ccb630d52e5f394c79896a29fd92075afe12f54bec0d0b5a

SHA512
fc3c963c660e6e4602aff09298e6504fee79942b2b6dcff2ff6de8dcbe54ab69f4afe3f7a1ea5c99c8d16020a7b960f2e7234de6e39081dde34e894aad2a3a85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t10v9lxo.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\Downloads\PlagueRust-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 697415.crdownload

Filesize
12.4MB

MD5
cc58234c2f07a0317f794f020e06efcf

SHA1
9655c05040093a2f2dab6f0a207ddaaab949ef38

SHA256
d2974025cd3c93767b15c6f11c105f92c5c5f5b24389f69b2993c526f8c372b6

SHA512
99fe0580bd8e440df4f254c7c9cff710c6b8c5b8433ab5714211ca44c5f6212a3c5079ec2554bb60a628b423e978003b04be0cbec6bc03d01af389be5dd23e21

Download Submit
memory/1424-891-0x00007FF9048B0000-0x00007FF905960000-memory.dmp

Filesize
16.7MB

Download
memory/1424-890-0x00007FF906490000-0x00007FF906746000-memory.dmp

Filesize
2.7MB

Download
memory/1424-888-0x00007FF7532B0000-0x00007FF7533A8000-memory.dmp

Filesize
992KB

Download
memory/1424-889-0x00007FF90F900000-0x00007FF90F934000-memory.dmp

Filesize
208KB

Download