12c8a9ab93649f8c75399b6b96f4c54e7454cd0eaa25090dc53c223788c85222

Analysis

max time kernel
488s
max time network
570s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01/09/2024, 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AimmyV2.1.5.zip
Size

51.5MB
MD5

5f253f81377176b9091ae669acd1451c
SHA1

ac69f0836b4f07292f026abd64097c48bee33139
SHA256

12c8a9ab93649f8c75399b6b96f4c54e7454cd0eaa25090dc53c223788c85222
SHA512

ffeb2afa63515d1fbd3d39bb45bfa61ca5f63c858cbf9dcce091e7a97bf5e4791736a6398e483a8c804aea76502214160a53bc0d7b072c437b3a54abd29ae385
SSDEEP

1572864:RZ72Vgh57ip1mJxRBrnEyZINZs0Jb2IGLvKEMRj4:njL78EVzEmmJb2IGzKEf

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "4199638644"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31128737"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133696498323125887"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
2372	WINWORD.EXE
2372	WINWORD.EXE
236	vlc.exe
4808	vlc.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
4156	msedge.exe
4156	msedge.exe
244	msedge.exe
244	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
236	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
244	msedge.exe
244	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
236	vlc.exe
4808	vlc.exe
4808	vlc.exe
4808	vlc.exe
4808	vlc.exe
4808	vlc.exe
4808	vlc.exe
4808	vlc.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
3000	firefox.exe
2372	WINWORD.EXE
2372	WINWORD.EXE
2372	WINWORD.EXE
2372	WINWORD.EXE
2372	WINWORD.EXE
2372	WINWORD.EXE
2372	WINWORD.EXE
236	vlc.exe
4808	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 2160	1456	chrome.exe	85
PID 1456 wrote to memory of 2160	1456	chrome.exe	85
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1668	1456	chrome.exe	86
PID 1456 wrote to memory of 1488	1456	chrome.exe	87
PID 1456 wrote to memory of 1488	1456	chrome.exe	87
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88
PID 1456 wrote to memory of 3656	1456	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\AimmyV2.1.5.zip
1⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd57ddcc40,0x7ffd57ddcc4c,0x7ffd57ddcc58
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3548,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4552,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4512,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3376,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3372,i,15251991774465821931,17646479516539948010,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1092

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2000

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\StartOptimize.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4b0f3cb8,0x7ffd4b0f3cc8,0x7ffd4b0f3cd8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,7307881773498659907,9220020791674801254,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,7307881773498659907,9220020791674801254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,7307881773498659907,9220020791674801254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,7307881773498659907,9220020791674801254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,7307881773498659907,9220020791674801254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,7307881773498659907,9220020791674801254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cb65d3c-0cee-4f8e-acd3-8aea72c46edf} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" gpu
    3⤵
    PID:4500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44856df6-b9f6-49c3-a2ec-28542f97d829} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" socket
    3⤵
    - Checks processor information in registry
    PID:2920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71508ca5-324f-40f9-88dd-7aec76245a0c} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3844 -childID 2 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aba32faf-fa7c-480d-a3aa-4bb2f70d003f} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4628 -prefMapHandle 4624 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dccf9873-3504-49ce-801d-a0b43f9b4e13} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" utility
    3⤵
    - Checks processor information in registry
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5376 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a91fa4-b53a-4fe9-8f5a-6b521441e811} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5528 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79bbbc40-7e1e-4dc7-b482-4ec9d96d3825} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:3376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d361943-f4e7-49dc-a965-27b94933ecb7} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 6 -isForBrowser -prefsHandle 6120 -prefMapHandle 6112 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eab5d32-5d88-4e5a-ae84-cd7e9b46557e} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:2756

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ConnectRedo.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OpenStep.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:236

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ShowSwitch.AAC"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4808

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\UnblockSearch.xml"
1⤵
PID:2860
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UnblockSearch.xml
  2⤵
  - Modifies Internet Explorer settings
  PID:4956

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\UnblockSearch.xml"
1⤵
PID:4188
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UnblockSearch.xml
  2⤵
  - Modifies Internet Explorer settings
  PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bbba9baa61ee2a51f599973c62eec807

SHA1
3c7b59ab92843d268d1d2f9738381d9162eb9984

SHA256
7c08475a876cdc63dd646a032e5848e535199f7d313fd5d2e75c6791d65744f8

SHA512
3e174779c520f8485786547b7cbff582d689ba3c2f2a1a3c88fc9d0614dd1ef59bbcf0d0bebc9322239d5820638461b36d8fd8473062d62b62410d2a9d0580b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ba93970cd95be6aab1133dd4d8cd9999

SHA1
40fa2ee6846f4480d13553c5d1741a7507fd1eb7

SHA256
e6f17e6c0f3b9d008ff7f268048e580533557b9e71a8034fcb319e96d63727ca

SHA512
06f1fb7f17215d01c185bc4d1d9f497e99719b42f8c6c278883a8036a1d89045ea4de7090f5bec94d02d4c2510077768ba2d85539554882c228ad39e2f98c21e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0f9116c4d0c4e8a7d629c6e5970136c4

SHA1
e47623cc77c88d070f51e5fe814301d47ee55674

SHA256
4ff32c98d993198e49c5a69bc14b68561f135c73c53da1817b77caf39566a757

SHA512
8ae107e4c6a352cd20a19bc538c11d0adf70422fe734d7745c7bd6f9e24d358c6280b501f6e870a0b3c9ecd80370f4e1499bf4a706f1fb4879c6a0a56994f946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4a0802ac2e6abf56150e981f97ccd5d8

SHA1
46c67100491a343f5fdc693e4519420540ce5a47

SHA256
09b2567ff112787f62e8088e2881c950b625ea81be6e3c2bd1fcff62cc7df050

SHA512
90471169d8fc1facbfc91e8985968255b153955cbc44fc3ed6fa9d8cfca3c30e28eed94fb7f702f9fccb9568ea9703d4a15c5afc3dedc8236d0bb3d7e4b23a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5544c9ced0d6c2a451d5add8456f4d69

SHA1
3d405443891a89a02063e105d16f13c3dbb9b311

SHA256
2b74e8f9363d191e02ce3df270da8218156661b95056831aa907aacc5170ccea

SHA512
b9f2feee4f82d36130dbc83af6d6379f1b08629b7cd92cf888368ebf8c1a93e1ee6105a4ff25b24de51a217d97ddbe98fe6306f904c7522e6734b9b6cd1a6f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
23705be87991b3c152a2e9f24b6e91eb

SHA1
568fc3fe4859a66135108b9b8ab5372185b2b801

SHA256
c91b758150873aa4932494de720e79f06854b5dcaddffbb9e2e4650a4eb335fa

SHA512
3aae1209aae658605dfff1cf6e982ece75acc76591bd99e7e41b60670c7a25849400eed21916bd79b694065deae3f586e59374c578200f6c307a7a98f6472c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
55a00a5c94005c8d265db3a4e7927f52

SHA1
3979109e1b51db98b5f20794a15055dd461e391b

SHA256
3610ed058b9e4997d9abf7d6c9584e82b1a2ebbc3ebc2eec620527aa75110d0d

SHA512
82286beea8ad2de5f9728e61446731a9b859e680325bc7929318576dc1163be96904b9bc4ef135e08b6ef13abc98dec9db0139584e85cafdbedabc55a81870df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c778bc030c6b68cbfab43850520b3e3d

SHA1
04265526ff4678ff7368b45db1584b7de3dc5440

SHA256
4b1c043f3afb5f65c4e3c67ea40c9242954d6aaef4b04a25ccd0519bfbcd088f

SHA512
94603020eb8c3248a09ca9a12ed5313d5b8c32c8919235d9c000fe0bca1d011779a8efbb3bcaf0b63cbfd25e1c737c266808dd629c1433aa507a56729c7f0919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b45637a96ca8b3f7dcaaf505272e12fd

SHA1
18fac1f705dc66b8a0b1ac03383bdf8bc22c6dfc

SHA256
bab0dda354e9444508ba59bcdf93c0b16b89ea9c1949da2a68eb561847c14f0b

SHA512
e108aaeb04e9a8f586cfabe76bbca9537bc8ed0825edd5f6760b42c38cf50e8df966c402edf678c060d288e05577b6572616c63bfdceb1901b9ce187dec88154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b74f8d7d25b867e0c48d1d03c994c71

SHA1
4a4e8cf924173d17b0e0c40d3d5d923b10c8cc42

SHA256
8bb27d5e1f0c9a8c4f57052126af2426728b8f5b01ee84a28b718546014de68c

SHA512
a2869af1f0a10167fb986e5a1dff4850ecc9da7d3b2c417527385783c18fb021aaf617a821bc4f0d4c3f7c76ec72c8f48ea6f9eb2eed28a50fc1f39a60566c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0942c86a10c1d26b00f5c498d622214c

SHA1
db106082532066b50a3143968432d6af494cdb60

SHA256
409778f8215a014af86d31165bd12d9bb317220970187743c810aa6e32bb4244

SHA512
bbd03dccc904c92fc9f1ded9129aef34a660890b60956492497fb33f47ff987c0ec7bad8b9db73f3d542661647326c70b09b9dfcaa8cb7c3db34d1c3dbd2d76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6929f1880984e41763b875f2eba0b0e8

SHA1
b9aaff4ceed4ea7f6b5861b0ad802c186f2e4029

SHA256
eae631c6413c56015f54c91542d368eaa6d9c102f9b16863d19cdbbf133f14ed

SHA512
63f2aabf327b79d76eba0ac00fe62ec291ae7167b5087e75fe560a8e3829531540bae92c1b7f29cc2afe0fe10f428d6fdebfa8eadb58e5dc64d77c4fb187bc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a62b5f93aea986b2cfcbeeb61b9dbcb

SHA1
f6fac4ecfddebc7feb73b2c33a77e50c97fc212d

SHA256
762958fc9894fc65363c4c9a5a24f185b1f1fb8f343540a2fec406f243142f32

SHA512
04af22ed8bf34ba9b3a678a0b190fa4cb3ef863418270e478cd7ba051ba07c4310954bc38f6eb6245aee0aa62d24bfdb5c14fb301ab391ffc8ab81bb9175eee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
704b83d783a9fead5f356518c5de8c17

SHA1
df152b8c06f74ba11fdd6293c326d84be9530b7d

SHA256
d5d66c51497a007ef161e32881842670c0d955e38494623efde6218469f30fae

SHA512
11bdaa87b1c221c1b4f0f6a9f57db7e9a143843c70f9ed72ea7ea35625d6aec6c555651729da717a5cf1961c2ea9fda1d6ccdd50450f71f3a6c259c8db18f550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f0e5aea65d2507e6eb8967e934a2fd2

SHA1
256fb7a41dad4bb17bec30c7858bace64b42ef67

SHA256
2cd461e995e7ddc51433eb6c99ca3b5e14221d67212f19738fe69599969cb877

SHA512
46e40d57b3d4600ab82b3957b77366fb12cd7d3ad8acbe14208fb874b65f8e7dd8977ae4692245cabaeddf1a02c3c326186b45334e24dc7e3fe6e0c8011a06d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ed8e44502d02b9e8ed4f0e483a863ab

SHA1
d85b938e3ff1a37b97619b9de0c58db0ab8dc226

SHA256
cf70da6063205dc29302f65ad790193625e3eb0428c45ea436115b0fd5788817

SHA512
0c1a4edf80dc69b75412c66301e087c792993e2d9f6021aa56b07496efa86b08daa0b7800541dc548e4536aaf845d156ff51f09899a6797863a1ce3756ff8a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
cf3357c8bc5ef7dcda2326c93feeffb1

SHA1
021cb7c2d10559374b01d6001818d09f6327a716

SHA256
a512c95c91bb5e072def2a561b0653ec2e69b77b00c0903c2c1bdba3c189d07f

SHA512
88bd98fc4b080d1ab076b6056dd45d6a77c238d12255c9bd6a815be3de0ea78a721f9ce20877cd16c653f0d483c8d75898d5f71eb71879c28ad2841a18e03e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
99941ea1c130b17a424e3d1d2ecdc1e9

SHA1
fd698e13b97a2114e6830b4f6537a82d2fc8b7e8

SHA256
10980c325413c7dbd936c9245227ff21fb0c1cf0fb2fc4645f13e20933809005

SHA512
7aa3d5f2ff08ebd6a15ab6c32af4480a6d3af452e88ef7bd0b2e0e8ccdcdb33e726166c99b2b655dc14e8121e9a268334b6fd87caa274dae0311e41fa5af7fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
5cfc35350f8c4f0d8791aac1cf25c18c

SHA1
26ed89ef42cbbf4802399c9f22cde7bc15b4da50

SHA256
f991ea08aeb0b7ee41ecb8c9cfc879a8380d5ee005530a1d58bcf632e35da4b4

SHA512
9b117db06980ffc24c9a10a72d3f83007c1c49788e1e53c136132e54da05e599411acffd7a22737e1897447c6481bc408b42b4d3f4682d2e971b2a98da7d62e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a77fca6eb8b83553fa67bd803f55039a

SHA1
59589b926ad5f3b8dd40c1602a402ef921555852

SHA256
1034b39be10e97525713a0c0f781c3c6912b3f1d8b2a712b9aac7dc7982d6419

SHA512
2f84896fe1bf5c5a85ca1d184e7adaa35a77d2c5562027b360d7ce8912eb03e6e8ec4f9e2afd6329f3050873c85f3c94035ed3baaa5bdf81fd82bc1954419e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fbee2a21-d9a3-4448-8e14-62b31a5d17e0.tmp

Filesize
205KB

MD5
361ac8a9713905f10608518e381302fa

SHA1
45193b4a9e0de251961ab5812e50b22698a06694

SHA256
1cfcbcee99cd5a1d9e54ca8cb2fcbec40a3f398c961429b24937dbc7d8756be7

SHA512
303174aaf9327880c587a0606c59538fadcb62b15e3a617ea3b87297c1e55c226e20645fae8b0a210a24b5e5f3573bff4030135420a5923e9f9ae20fca6fdbf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
414e47a4e0472f5ae3126745515a7494

SHA1
8755944c083bfdbcdc8de2e1cb69eb14321c517f

SHA256
4352258c1c167633924d2d7f226be6a5d14a84f3eabfe44068e51d32f455894f

SHA512
6b3591786b682bfdf18cfd8da0c74a74c23217cc4a70fbcf2c6648797a20dcebc36a165f7acb8e584a2efadc6de2b6ab18bd4f9d64236fa94282a9fcd24531a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71e4f19fcd756e93c156e4bd30c49fb2

SHA1
04c092baa8b3137b4a760ffb842e6257ea4efeea

SHA256
6a581776813bea66c36c354f050562959cb58b2252b228ce098eb0b615e5c9a6

SHA512
ac28e7f9caaeb7403f4509c73ec33ebaf7fad3bf40c27eaf26ab07ef5fc26f72afedffb204f7ecc89b69883b98126c5668430f71d5b12f5287f9adff23df4ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7771f0172bd3e8d3d40c110e4e00914c

SHA1
dc33efcd9bbe426c34ea5ae1b3f0a337da3164db

SHA256
2847488cc690b30d51f40e7325d96ee6670fcf5fe134ea4b052ac6f81029284d

SHA512
2b4c71a29e0c37f78dad351ee83a3f5346ede1940fd03b39d658e24e777f1587ac6bbdfde10dab51db3bb4824dba9bec6393027eb3db712a0de566bc19507183

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\activity-stream.discovery_stream.json

Filesize
39KB

MD5
4b2f5d2d6ba48636b16899339c0783c0

SHA1
8b0843cedf21a9bb35543500517273bb8a0be087

SHA256
d9396264bffb7d01c59cfc63558bbb3f653f8f223abac911b2a7d2979e6cb9a0

SHA512
db163edf6d7c7f8e217ea17be81b6ddae609a8838ea0f178f3b965a9d7c3c991f735846ab901f4a1a1214cb27881e8956208a84814c36161e7afea827fec1cbc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\cache2\entries\C355D593D12E13371D28AAC0C8AA0485AD911894

Filesize
32KB

MD5
01c2fce6a5a78821198c65d4f2e83310

SHA1
072b53ad4c963e5e157848e05d1a96196ac8c6ea

SHA256
119c154462b3451acfde526db04d2b94fcd71e6b23b3f908796b03b2e24f2b0c

SHA512
ea7b0baf632f5c5b47459a41fe6be4219140b0f0759d3ddacf9ac54a95a16a14ae3d605d5b7983f80d015a2d91ab43f875d3773a8e0cd3b024ea085a0441351b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
358B

MD5
d77e2210566edd93cf87222cb284c652

SHA1
cfd7af3b8e3cfd20ac8cc8d321dfa8f37188b895

SHA256
a47da6a4d12b352bcc47ee04a76a3085104efca20127da5d6e83f680bd8b8c84

SHA512
afcd2fe71d6879673b14cc6916fbcb042057d4193b4b0c69c7b33eabc250916942ccce0069a3d1706e063c1548f6388e72fd39ba8fd35d4c1494ae9f782efbcd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\AlternateServices.bin

Filesize
8KB

MD5
2aaf744f6e81f54a95067f92207d205f

SHA1
68b1b9661b29bbfb713b6914ae2892e9afdafe41

SHA256
53d906f5aeaf6c5737837ed12e1de9e6a8ab04556c3d59db0e7c6f6842e08942

SHA512
72dd0a859175d174f0c951ccba415f01efb3bd56fccf88c7c93839e0f60612f7aea14f7ef315dcdbdbc5f1f1531cf79eeb8dc9c7007822f6dadaa5f802c0b519

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\AlternateServices.bin

Filesize
12KB

MD5
b79c8c8d765d2216906f6d5fad5fc776

SHA1
249ceb4d76b361d04139d4d908612a9ad241d461

SHA256
0f8fd7d48d547bcb4ff94c563c0c07c5a137f3c04a7288e1ec5f785bb613ab5b

SHA512
25193aa11fd2ed38081c53792e2a1d5a531e7c974a4c059971ec7fa2b21db83dfe42d1a60b324ec1fd2bba2bdb65d5e744a5b713fcf7c8fad66a2253dd0dfbce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e9d03ed1e4a66f58187b3d4826a5fcff

SHA1
aa3f5093d9a61e5c114aeaafb1b83b7550481b39

SHA256
dbaea1ff23b37baa9ea14eee4fdddc7cc9390a7b53fb24905a3d8169f75e52f4

SHA512
975f5e8db971868a14010ef511c7c6bd0d90fafcfd027ce331839a50307c8fb3b92938508e9d31045378b288033cd691f2c845f1ab45805b8e24168ac910e97a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a27c099762872ec037131bb85da5dec6

SHA1
cbba9b13fc681aa4dfa6441f24b3814040e4f4bd

SHA256
c93190eb8c95c82ab169c0bd74740ed0331fb1563ddfb1d6e33654bbd957d2eb

SHA512
4a649910e13ff5242df2c498851469c175df1d7428b1f1320e174b3081f6033902f7fcc7cc60ce4e0b8fa849ebd3824c962f1c604808977ebdc95143a3e94050

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
56fcb5226f41959dbcc2a6629bed9996

SHA1
59bde4d319d6f19c83ecd0bf9677e6e8d48855b5

SHA256
f938624efaf01a653de5c68a0f264c9deb381ba4eca9b4c8a1195cab80abf009

SHA512
ed6188c53ce01eb649c45b94ed37c11cd3a97db040cfd5bd6d71b6663038fe9f9f2cc717fb2a1f748e2a0ef92c752ff88dee2319586d9ec48d596715ee2ff734

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\12f46826-41e0-469b-a8d2-e36ec8b69f21

Filesize
25KB

MD5
a41d73dc575101682acac1a47e9d7f15

SHA1
aea19ba18d6c483aaacdd666872a7f31184f431d

SHA256
d418167b40f3b01715be63f524e03295fcb25b2fca1b228c892ca909dee6b886

SHA512
ca2af60eb53494b7f6418f0a3c5430b8620e14f48cc10309b2d28c04ecf235aaa00f8ff2e690e53790b180e1af7b906ea2e78bca5391b9be7549468503bdb823

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\6943caff-ac74-4a00-8539-73fa5424a8c9

Filesize
982B

MD5
e5eb4f2fb0da7371e29f5fc625a822b8

SHA1
da95b596c96fcfb58d538d9088906f9c12ca4c3a

SHA256
1d0b7737bbc0c6f39df30ef74cf4ce6a53c187703ed2c61ddb883137bf07d68c

SHA512
6a74d7bdc33dba21395030c78411238c512f069ca4d502cb512e8df80094d2935cb7d30216911598c9fb9b511fa2d1cdfcbb51517ad82700fa6676c7eb1bb5cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\ebaaa5a7-bdda-4372-b586-7dd92d2c2982

Filesize
671B

MD5
33fa63fa876e2be369c712a943edfd58

SHA1
d52d2b6e5164686433e1be7b6987d4857f54e19c

SHA256
7454586e1de8b8eb664a1c88e486c09c1dc931e531320f01615b92ed2d3ecfec

SHA512
651713e66346fe5057f46cff9265431dfdad2c9bd2170a04e23c2d5b571f90e93f69e44e362e3f082332c31e7ece4ff96d4774c694621960558ea3f70b932223

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js

Filesize
12KB

MD5
45fecde92da438b21c5d34f0ba7d6d94

SHA1
c6130a3216973699a6d29c1b41b420b5b05bc1de

SHA256
cfaabd5721b1907305ca4a3da6e15adebdf7b23794ea4bd262ec78ff54194901

SHA512
db4e43ab495f1f9647eb61ddffc9f39f0c5e571b959370f765eb9036415081f32dff6e05c8bfc534d663509804063fac1b76f55ac9d23e5c40c3fb276daf70c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js

Filesize
11KB

MD5
0500ec56f46a9ea3ca7bb8446ddcb7d1

SHA1
02c64e27e980c8b04e953cdcc942ab7fbe6631e0

SHA256
ed35154c1e007bc91d092552e9f2fc2d0c0904c970b20111fb9d99b66c50399b

SHA512
39b57610b9f5bc096ed8b4cae4bfd08b43bd94edb2947473351c890a62c99663898ddbce8be14b3334d2412a97f4ad114da84e1b24b77b087fd6d0e056a123bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
8dc3449d1e0cddeb6a4f0030799060b7

SHA1
b826ebfc6ce4fbf000f2581517db09131e5676d6

SHA256
a328fdccdd62d02a1c81b24d70b78d5264ab200aa7f9c4c75fe64f14a983146a

SHA512
56f37348ddd8698947745eb0448896827512c777d686af98330bd031fc76907e0f9eece10c84736db62585ac65d96662a2ff3da5dd05943ec0947fa82cc48668

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
7284acb0eb65d257e94ff212483d6211

SHA1
f015e4e0ba9f9c3619f1b25b1b3a1af93cb253d0

SHA256
5507d37d42ee0aa8287b021102adb14427612042db034efbdb338cae94be2bdc

SHA512
3e67de42cd995c0a2d642074fcf6661ea89466d961ff436898ff69b3839d143dcb1e8846579de0a5df7458a653ca3cfc8566ea1e56b133941d02aecc082f511b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
74B

MD5
a517e4caeee3f407466758de69336f97

SHA1
048e8df8888f6b9b9dc33d33c8b154e6ca625af1

SHA256
0838382a99def725bef2fe776cd21a124c4d03797636b5a7ab07006c16a52fea

SHA512
eff3620967548ececd0abf74bf4dc8d10fea1e57bd613a516f688ee4ca46332e534ecd434d1411cd95dd4fe0d0321db653bec58e4a743f69cd30fe0ab66dfbe7

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
565B

MD5
6700cba321ddb55c862a2401f3add7e4

SHA1
38d4669715518d1c6a884e79a7f57b4be60ded70

SHA256
1c28a17d4062f800ffcd6be86755e4d93645ffed105e003630f35940bd0ec638

SHA512
291191191d797b5d6ec287b2ed6b1c7bd8c9636f22f95ee4c60a554546a2db8fab004cfeb3d7fb467db8a9cd7620e89df4886bc4b09399f4d51e86f76a2ef865

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
522B

MD5
3146960d2f48ef48024e60e201f80e81

SHA1
6381fa4647d69f2a7b7893a5ac3a2f221e85838a

SHA256
30ad6b613336c4e7f7a5b5153dae04e9ca093bb68397dcd74441cce7ad9882a2

SHA512
c3cb9ebad04b1483757d3d1e4eab7f23247bd5d5cc09b11413963be52caf6f73ea4d925b3a497f8589ee1f81c2ac3ed8070010ad07433c411e43dbd66c9d461d

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Ya4808

Filesize
615B

MD5
7c8dc9fb9a061c5aeb5ff9a53a6d2fec

SHA1
0e4594175b51ba3ea3ed60258bb9e7fb04bedd9f

SHA256
3c2e56ba66770a8aa73f7b62777544875cf16b516fa46a8c9f36566bd3dd1a13

SHA512
17a43839c1424eec8eb802b5562255814587b6518821484a52a687fe638ea6af65c157a47843db72320a2635b7d43238f49cc48bd5c4345b1c595c95d4faef47

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
d2f6a316191a36c052a767adb629c454

SHA1
9d6e32b63a34498e6d4ad8c1875272567b1b0070

SHA256
c4e88ce5783589672d111f053180ff4315ff71a1dd6e210806738c09a9202294

SHA512
5754d4583e0b72381d20cbc8dbbc4d91db4e1948b8f7eceb1fbc7688db55bb81af8c26164c39bceaa65ca2f4ff1e2fef0e21b09ca450ec530527a0fc7e7a4249

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
memory/236-1059-0x00007FFD61C60000-0x00007FFD61C78000-memory.dmp

Filesize
96KB

Download
memory/236-1099-0x00007FF772CD0000-0x00007FF772DC8000-memory.dmp

Filesize
992KB

Download
memory/236-1102-0x00007FFD48380000-0x00007FFD49430000-memory.dmp

Filesize
16.7MB

Download
memory/236-1100-0x00007FFD60850000-0x00007FFD60884000-memory.dmp

Filesize
208KB

Download
memory/236-1057-0x00007FFD60850000-0x00007FFD60884000-memory.dmp

Filesize
208KB

Download
memory/236-1056-0x00007FF772CD0000-0x00007FF772DC8000-memory.dmp

Filesize
992KB

Download
memory/236-1062-0x00007FFD5CA30000-0x00007FFD5CA47000-memory.dmp

Filesize
92KB

Download
memory/236-1064-0x00007FFD5C660000-0x00007FFD5C67D000-memory.dmp

Filesize
116KB

Download
memory/236-1072-0x00007FFD5B870000-0x00007FFD5B881000-memory.dmp

Filesize
68KB

Download
memory/236-1071-0x00007FFD5B890000-0x00007FFD5B8A1000-memory.dmp

Filesize
68KB

Download
memory/236-1070-0x00007FFD5BDF0000-0x00007FFD5BE01000-memory.dmp

Filesize
68KB

Download
memory/236-1069-0x00007FFD5C490000-0x00007FFD5C4A8000-memory.dmp

Filesize
96KB

Download
memory/236-1081-0x00007FFD57A80000-0x00007FFD57A98000-memory.dmp

Filesize
96KB

Download
memory/236-1080-0x00007FFD57AA0000-0x00007FFD57AB1000-memory.dmp

Filesize
68KB

Download
memory/236-1079-0x00007FFD50CD0000-0x00007FFD50D4C000-memory.dmp

Filesize
496KB

Download
memory/236-1078-0x00007FFD579B0000-0x00007FFD57A17000-memory.dmp

Filesize
412KB

Download
memory/236-1077-0x00007FFD57AC0000-0x00007FFD57AF0000-memory.dmp

Filesize
192KB

Download
memory/236-1076-0x00007FFD5B4D0000-0x00007FFD5B4E8000-memory.dmp

Filesize
96KB

Download
memory/236-1073-0x00007FFD48380000-0x00007FFD49430000-memory.dmp

Filesize
16.7MB

Download
memory/236-1075-0x00007FFD5B830000-0x00007FFD5B841000-memory.dmp

Filesize
68KB

Download
memory/236-1074-0x00007FFD5B850000-0x00007FFD5B86B000-memory.dmp

Filesize
108KB

Download
memory/236-1082-0x0000023EF46A0000-0x0000023EF5F0F000-memory.dmp

Filesize
24.4MB

Download
memory/236-1058-0x00007FFD5BE60000-0x00007FFD5C116000-memory.dmp

Filesize
2.7MB

Download
memory/236-1068-0x00007FFD5BA00000-0x00007FFD5BA21000-memory.dmp

Filesize
132KB

Download
memory/236-1067-0x00007FFD5BE10000-0x00007FFD5BE51000-memory.dmp

Filesize
260KB

Download
memory/236-1066-0x00007FFD5C550000-0x00007FFD5C561000-memory.dmp

Filesize
68KB

Download
memory/236-1065-0x00007FFD4A3D0000-0x00007FFD4A5DB000-memory.dmp

Filesize
2.0MB

Download
memory/236-1063-0x00007FFD5C770000-0x00007FFD5C781000-memory.dmp

Filesize
68KB

Download
memory/236-1061-0x00007FFD5F330000-0x00007FFD5F341000-memory.dmp

Filesize
68KB

Download
memory/236-1060-0x00007FFD61B00000-0x00007FFD61B17000-memory.dmp

Filesize
92KB

Download
memory/236-1101-0x00007FFD5BE60000-0x00007FFD5C116000-memory.dmp

Filesize
2.7MB

Download
memory/2372-1039-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-988-0x00007FFD29130000-0x00007FFD29140000-memory.dmp

Filesize
64KB

Download
memory/2372-1040-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-1041-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-1042-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-987-0x00007FFD29130000-0x00007FFD29140000-memory.dmp

Filesize
64KB

Download
memory/2372-986-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-985-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-983-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-984-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/2372-982-0x00007FFD2B530000-0x00007FFD2B540000-memory.dmp

Filesize
64KB

Download
memory/4808-1166-0x00007FFD57A80000-0x00007FFD57AE7000-memory.dmp

Filesize
412KB

Download
memory/4808-1159-0x00007FFD5C660000-0x00007FFD5C671000-memory.dmp

Filesize
68KB

Download
memory/4808-1169-0x00007FFD5B840000-0x00007FFD5B851000-memory.dmp

Filesize
68KB

Download
memory/4808-1168-0x00007FFD5B860000-0x00007FFD5B871000-memory.dmp

Filesize
68KB

Download
memory/4808-1153-0x00007FFD61B00000-0x00007FFD61B17000-memory.dmp

Filesize
92KB

Download
memory/4808-1165-0x00007FFD5B880000-0x00007FFD5B8B0000-memory.dmp

Filesize
192KB

Download
memory/4808-1164-0x00007FFD5B9F0000-0x00007FFD5BA08000-memory.dmp

Filesize
96KB

Download
memory/4808-1163-0x00007FFD5BA10000-0x00007FFD5BA21000-memory.dmp

Filesize
68KB

Download
memory/4808-1162-0x00007FFD5BDF0000-0x00007FFD5BE0B000-memory.dmp

Filesize
108KB

Download
memory/4808-1161-0x00007FFD5C490000-0x00007FFD5C4A1000-memory.dmp

Filesize
68KB

Download
memory/4808-1160-0x00007FFD5C550000-0x00007FFD5C561000-memory.dmp

Filesize
68KB

Download
memory/4808-1154-0x00007FFD5F330000-0x00007FFD5F341000-memory.dmp

Filesize
68KB

Download
memory/4808-1158-0x00007FFD5CA30000-0x00007FFD5CA48000-memory.dmp

Filesize
96KB

Download
memory/4808-1157-0x00007FFD5C760000-0x00007FFD5C781000-memory.dmp

Filesize
132KB

Download
memory/4808-1156-0x00007FFD5BE10000-0x00007FFD5BE51000-memory.dmp

Filesize
260KB

Download
memory/4808-1151-0x00007FFD5BE60000-0x00007FFD5C116000-memory.dmp

Filesize
2.7MB

Download
memory/4808-1167-0x00007FFD579A0000-0x00007FFD57A1C000-memory.dmp

Filesize
496KB

Download
memory/4808-1155-0x00007FFD4A3D0000-0x00007FFD4A5DB000-memory.dmp

Filesize
2.0MB

Download
memory/4808-1150-0x00007FFD60850000-0x00007FFD60884000-memory.dmp

Filesize
208KB

Download
memory/4808-1149-0x00007FF772CD0000-0x00007FF772DC8000-memory.dmp

Filesize
992KB

Download
memory/4808-1152-0x00007FFD61C60000-0x00007FFD61C78000-memory.dmp

Filesize
96KB

Download