Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-09-2024 23:42

General

  • Target

    9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe

  • Size

    1.8MB

  • MD5

    fb715bbfab832a6a7b4e05fc94a74b88

  • SHA1

    b2f10e8bcd6e86d52d2e40d45fa79801e45cc4bc

  • SHA256

    9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377

  • SHA512

    448ff097de5c6bb92ed9fa4e09f303408729f14b7156bcf4fcb2d6fa8b5859aa04cbbaeb8791e9cbad6ab437cb5e86e582b715a07a13142215341a8ce8c3f9d5

  • SSDEEP

    49152:iFLxjtwooQXHsWuWelM0BqO1EeGqGC+AZ6k93xbr:iVxje+HsWuWSEeGqB+AZxx

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

c7817d

C2

http://31.41.244.10

Attributes
  • install_dir

    0e8d0864aa

  • install_file

    svoutse.exe

  • strings_key

    5481b88a6ef75bcf21333988a4e47048

  • url_paths

    /Dem7kTu/index.php

rc4.plain

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Stealc

    Stealc is an infostealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) [2 TTPs, 5 IoCs]
  • Downloads MZ/PE file
  • Checks BIOS information in registry [2 TTPs, 10 IoCs]

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings [2 TTPs, 2 IoCs]

    Looks up the country code configured in the registry, likely a geofence.

  • Executes dropped EXE [6 IoCs]
  • Identifies Wine through registry keys [2 TTPs, 5 IoCs]

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Adds Run key to start application [2 TTPs, 1 IoC]
  • Suspicious use of NtSetInformationThreadHideFromDebugger [5 IoCs]
  • Drops file in Windows directory [1 IoC]
  • Browser Information Discovery [1 TTP]

    Enumerates browser information.

  • Command and Scripting Interpreter: PowerShell [1 TTP, 1 IoC]

    Uses the powershell.exe command.

  • Enumerates physical storage devices [1 TTP]

    Attempts to interact with connected storage/optical drive(s).

  • Program crash [2 IoCs]
  • System Location Discovery: System Language Discovery [1 TTP, 5 IoCs]

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry [2 TTPs, 14 IoCs]

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry [2 TTPs, 6 IoCs]
  • Modifies data under HKEY_USERS [2 IoCs]
  • Modifies registry class [2 IoCs]
  • Suspicious behavior: EnumeratesProcesses [39 IoCs]
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary [7 IoCs]
  • Suspicious use of AdjustPrivilegeToken [64 IoCs]
  • Suspicious use of FindShellTrayWindow [64 IoCs]
  • Suspicious use of SendNotifyMessage [64 IoCs]
  • Suspicious use of SetWindowsHookEx [1 IoC]
  • Suspicious use of WriteProcessMemory [64 IoCs]
  • Uses Task Scheduler COM API [1 TTP]

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe
    "C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
      "C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1320
      • C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe
        "C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2484
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 1012
          4⤵
          • Program crash
          PID:2568
      • C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe
        "C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4840
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 1012
          4⤵
          • Program crash
          PID:6772
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000035041\do.ps1"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1296
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
          4⤵
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:3440
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce268cc40,0x7ffce268cc4c,0x7ffce268cc58
            5⤵
            PID:856
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
            5⤵
            PID:1488
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:3
            5⤵
            PID:4728
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2264 /prefetch:8
            5⤵
            PID:4936
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
            5⤵
            PID:6088
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
            5⤵
            PID:6096
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4036,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4060 /prefetch:1
            5⤵
            PID:4788
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3784,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:8
            5⤵
            PID:1140
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3680,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4644 /prefetch:8
            5⤵
            • Modifies registry class
            PID:216
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8
            5⤵
            PID:6636
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5324,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5332 /prefetch:8
            5⤵
            PID:5576
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4852,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=828 /prefetch:8
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:6196
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1928
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffce268cc40,0x7ffce268cc4c,0x7ffce268cc58
            5⤵
            PID:660
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account
          4⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:736
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce25146f8,0x7ffce2514708,0x7ffce2514718
            5⤵
            PID:4976
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
            5⤵
            PID:220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1056
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
            5⤵
            PID:1456
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            5⤵
            PID:5336
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
            5⤵
            PID:5344
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
            5⤵
            PID:5972
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
            5⤵
            PID:6124
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:6156
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:5100
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce25146f8,0x7ffce2514708,0x7ffce2514718
            5⤵
            PID:1836
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6550918550351869771,9728619728018517840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
            5⤵
            PID:2220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6550918550351869771,9728619728018517840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3124
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4592
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
            5⤵
            • Checks processor information in registry
            PID:3928
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3124
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3496
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c252a1e9-a2c9-4ce6-b8d1-f80af5e66ce8} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" gpu
              6⤵
              PID:1308
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d0f4f6-9eac-4591-b627-50a8de02082f} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" socket
              6⤵
              PID:860
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -childID 1 -isForBrowser -prefsHandle 1020 -prefMapHandle 3248 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab195fa6-9972-4f35-b576-8461a9d3dcbd} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab
              6⤵
              PID:5884
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3836 -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f37fb6bc-3560-4c4f-a38a-065afdd98663} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab
              6⤵
              PID:5312
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4076 -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 3612 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee1bd220-61b8-4b07-9162-453da86f570c} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab
              6⤵
              PID:4272
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4568 -prefMapHandle 4280 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30bb0c1-180f-4a90-a1a1-c0680d65e11f} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" utility
              6⤵
              • Checks processor information in registry
              PID:6692
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 4 -isForBrowser -prefsHandle 5940 -prefMapHandle 5976 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ad0e24-2511-4e8a-81af-f17be35590e6} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab
              6⤵
              PID:6056
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -childID 5 -isForBrowser -prefsHandle 6100 -prefMapHandle 6104 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a2bc35-065e-4dd0-a1b9-4fdf942dc254} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab
              6⤵
              PID:6664
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6288 -childID 6 -isForBrowser -prefsHandle 6296 -prefMapHandle 6300 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c516cf-4863-4e58-a226-7e1fb17c4841} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab
              6⤵
              PID:6212
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2484 -ip 2484
    1⤵
    PID:2412
  • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:5980
                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                1⤵
                                                                  PID:6120
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:7000
                                                                  • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                    1⤵
                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                    • Checks BIOS information in registry
                                                                    • Executes dropped EXE
                                                                    • Identifies Wine through registry keys
                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:6052
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4840 -ip 4840
                                                                    1⤵
                                                                      PID:6948
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                      1⤵
                                                                        PID:5944
                                                                      • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:1584
                                                                      • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:1828

                                                                      Network

                                                                      MITRE ATT&CK Enterprise v15


                                                                      Downloads


                                                                        f61f0d4d0f968d5bba39a84c76277e1a

                                                                        SHA1

                                                                        aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

                                                                        SHA256

                                                                        57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

                                                                        SHA512

                                                                        6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                        Filesize

                                                                        32KB

                                                                        MD5

                                                                        e6fd019802e4caf75cc550b3df828db0

                                                                        SHA1

                                                                        f8a85e905b071c3b4309c345e52ebd60f31778b9

                                                                        SHA256

                                                                        9a4d03b9c6e9951eb4b28e4d1137d395ffe902e82a5713c9e5179463d5351f25

                                                                        SHA512

                                                                        3439e2be3a5146362cc0ac40e9a5c1c55887be0177d7fe5c6b4cafdc3a17c52c72055247dd8bf7d6d0423f816fb2ec4df1b69d222a3ade8fe023fb8b3eaa5b79

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                        Filesize

                                                                        504B

                                                                        MD5

                                                                        3852c39d13a465d226f228d432ef6ce2

                                                                        SHA1

                                                                        03bff3c52b25a2a1b96cba995e6a019b42750d03

                                                                        SHA256

                                                                        a1ae11399462c973160c412818015a6314441f54c72451caea45a0ab39ace852

                                                                        SHA512

                                                                        47030eb369445da1bdce4c12f7acae01bd84461ecbb9c69f0baa663abb1a87b140cdabb2b41071b8aceb17b6f91fe63cd52e1ca09a1c0e9c304902c421fbd6a3

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        635c8f83fcbab12727af36d2ba8f4bde

                                                                        SHA1

                                                                        a0f311134e8a5885fb465f984c49f59fba75876c

                                                                        SHA256

                                                                        47df5920ace9feafbecb65b2e3530aabc41b13b7f63093018204670ac6bea2c5

                                                                        SHA512

                                                                        37101a8dc499ddc83b717aed41407f61eedc0376728e2a8f355ab165fdaa2b639729af6d2dc0a2371e83704bc4371fd18efca2db61563d7ad3d308811e5a07fd

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        2e50e8466da82b925de4ca856b760d21

                                                                        SHA1

                                                                        6df00fea304843cb708c66346294582e70d1068d

                                                                        SHA256

                                                                        ea59d2066871d383f5945e7d1bf7345e5487c89bc0af70237efbca76693f727e

                                                                        SHA512

                                                                        29a4a7d113d54661f50daeae2baff6af94a4d142f3249d9d61d1b9043a69449506bc0d11cb60c28c60320cd40330e957c8531c8f110cb57235742b8d1c862a44

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        fa67212cbb8ae1fb4624c735ed0bbfaf

                                                                        SHA1

                                                                        274468a7cdc5fb7af64e80a9b2674c7aea336cef

                                                                        SHA256

                                                                        bbf5393bb2ed6a7dcf40abb71986e01dc3a457780eb92da4b941a4c273f36956

                                                                        SHA512

                                                                        ce5f16ef1caabbc356e4e2f855c15876fab117fd4e5110e3c5ede59c043fbfce90e9af5323c9557d22ee7ab4814c149232e22810eca120fed4fe800c71524cec

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                        Filesize

                                                                        7KB

                                                                        MD5

                                                                        44f85613d02cb77fb07c1612929b8ead

                                                                        SHA1

                                                                        d8b9a4a29716ec68012449864abdd0d2a8f661f8

                                                                        SHA256

                                                                        b20b1efb809fff9e33d83f5c60b0effd2a9d72b4bb71940514a1a9ac7c17e40b

                                                                        SHA512

                                                                        96d358ed55d5ce4612bb0b6b0e8b6fdf653994502abf9b4ff3a6f91184aa4630fe61c97274a845ae34ccec2b6147c8deda83e0720d208e1ea978e3bade5ccc3b

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                        Filesize

                                                                        539B

                                                                        MD5

                                                                        d5c96895e79cce0431c31475c557552d

                                                                        SHA1

                                                                        19641f650929f1070d1857d2f7acb28aaa6ff244

                                                                        SHA256

                                                                        8a3c98e1bc25259df1ce40ff0be90f64acc7ee54c2aaf62f948d0c6a263b95d7

                                                                        SHA512

                                                                        9e63fcd336f21b534f2512147e07707bc755741cb2e399da294f0a0f13928de72794d7807fce62ca67011b3ca1693b244ad20fe4d7c1e0435a2cdcb09558ea09

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590788.TMP

                                                                        Filesize

                                                                        539B

                                                                        MD5

                                                                        62c387d974d8ce9947d4c9a099b329d7

                                                                        SHA1

                                                                        f6646a5025fdb9725f7cae468657468dce1c9d44

                                                                        SHA256

                                                                        1c9163a0791418a0595eaf773ec45da0e20a2e3e3480c3811dd2d60ef963c0c3

                                                                        SHA512

                                                                        770c27bfd37d0057ca6d804842fcb6fb7cfa2f6956f558945de3b00b31e8d5d6691239de7ff890c71d6fed5be387d91df9ff29fa3c53348dd6d28df58b2dee87

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        e1a079b8d09a117b3ccf494d4d871bef

                                                                        SHA1

                                                                        bb6386606f6b0baedb975db6b2299926b9f98de1

                                                                        SHA256

                                                                        07652b10805c1038e3a61ce374b9116d3a4a64a57c4da090a8d31eb120ccf86c

                                                                        SHA512

                                                                        a3651239dc969ff16ce21db05d932a21d0a64aa4cbf825d87c8ab6567071972aafec20a546e0191dc3cbc52b8e71a5c40abf25d154c8cff8962c21a8734dad3d

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        553121bcaac45951d956c58785780005

                                                                        SHA1

                                                                        5a8aa1e97958eb6ea8fa34ab65727e560240c202

                                                                        SHA256

                                                                        a5a394f58fc819f7a7f8ea4cf3cc1eb47570864b343e7efe0ef14ff41f7bc563

                                                                        SHA512

                                                                        3bc47e448dd5b17744ad4876310b8fb438eff9d1c481b8494e8442fe949ba1b1bac2d717d32efc98b43cf4a5b5f2c1734f9c12721bad89664e2e30bb79e8329e

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\activity-stream.discovery_stream.json

                                                                        Filesize

                                                                        17KB

                                                                        MD5

                                                                        9d6f1a414125fa53c37a5c22a7f837fb

                                                                        SHA1

                                                                        df1c8fc84298cc4f690bda7bc609d331ef0be1fa

                                                                        SHA256

                                                                        50580113c8eb459527304d8cf02f727ee4371d609cd8cf86a3ba8e41c18ba38f

                                                                        SHA512

                                                                        5390fcb39d013d9050f45ba15a443afbab4a880ccbdb5dcd046d33bebdd22ed380e7f492490e4bb0d5f934e7f0f609e4367c67689131b46eae00413e9e9989cb

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\3F6BAE390F7FB4267066C23DBD35348B57989359

                                                                        Filesize

                                                                        47KB

                                                                        MD5

                                                                        dd5f59ff378185fc2586116ed3b6e38c

                                                                        SHA1

                                                                        6eaf3332c410c219bde6e64f13aaa6cd8aecc8f3

                                                                        SHA256

                                                                        2963978d2f5d974d02b62f9212efe9a854ae52bae247f2514324c95c3227e72b

                                                                        SHA512

                                                                        7202a5932474bb39fa9277346fe8a841a005b3bf22b7357ea368ef67aeb9c738235bd898c63eeeec1612d342e45a85c2448e195f61208ad80d2db8b1ec39bc1f

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

                                                                        Filesize

                                                                        13KB

                                                                        MD5

                                                                        146f6f89d6510f9eafe48a2070a12ed0

                                                                        SHA1

                                                                        8b5f741df4c1e4a5011a1493669ebd47c7905f79

                                                                        SHA256

                                                                        e01f2ee158763258fe74bb8006e04f79d4f58d8f2e02175e65bc11426b7ee27d

                                                                        SHA512

                                                                        f57d42ba4ca486b34d70f0fe717ee8603329b96e99c8314801fe60c964055a7d7232e3ec8fbc881e02379d6d1ac77fe57ab59556749d30fff414a525470fae6d

                                                                      • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

                                                                        Filesize

                                                                        1.8MB

                                                                        MD5

                                                                        fb715bbfab832a6a7b4e05fc94a74b88

                                                                        SHA1

                                                                        b2f10e8bcd6e86d52d2e40d45fa79801e45cc4bc

                                                                        SHA256

                                                                        9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377

                                                                        SHA512

                                                                        448ff097de5c6bb92ed9fa4e09f303408729f14b7156bcf4fcb2d6fa8b5859aa04cbbaeb8791e9cbad6ab437cb5e86e582b715a07a13142215341a8ce8c3f9d5

                                                                      • C:\Users\Admin\AppData\Local\Temp\1000035041\do.ps1

                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        1f5ac0c26ba396b7af106e48db46ebcd

                                                                        SHA1

                                                                        5b504936cf427af26479bb1c0ec275a2fc77270a

                                                                        SHA256

                                                                        280d4f5ce7d8f2a3551ab509ad321971ff8eda76dad33ffae5b8961070209cef

                                                                        SHA512

                                                                        65eed3f167c83f53b7e2474dd5b2ab58c7dc7ddedbe89fafc016cd1441dfd02e5c92de3dfb9e2f0ca98b8f438779868999e3212ef64210fde27072e7ad64f68e

                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mdjaavv0.oiv.ps1

                                                                        Filesize

                                                                        60B

                                                                        MD5

                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                        SHA1

                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                        SHA256

                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                        SHA512

                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                        Filesize

                                                                        479KB

                                                                        MD5

                                                                        09372174e83dbbf696ee732fd2e875bb

                                                                        SHA1

                                                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                        SHA256

                                                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                        SHA512

                                                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                        Filesize

                                                                        13.8MB

                                                                        MD5

                                                                        0a8747a2ac9ac08ae9508f36c6d75692

                                                                        SHA1

                                                                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                        SHA256

                                                                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                        SHA512

                                                                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                      • C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe

                                                                        Filesize

                                                                        389KB

                                                                        MD5

                                                                        f47cc7dc355ae01926f6065316c3bd68

                                                                        SHA1

                                                                        6b575930185f216e4fa5116fdcc8906eb9f53af9

                                                                        SHA256

                                                                        25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794

                                                                        SHA512

                                                                        cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

                                                                        Filesize

                                                                        25KB

                                                                        MD5

                                                                        4ecffc4e27e885c2e80de3ac34db87a3

                                                                        SHA1

                                                                        d5799cfd1d2d3b0becb0bdbf2d2091c9e6303fa1

                                                                        SHA256

                                                                        a3d378caaab4e9cda0c6bce0905d890980e6f9dda187529e287e8d5c0afe928a

                                                                        SHA512

                                                                        3fe6e63cbd9db3861f45e458896cf70dfb82cf89609ffdcb98cb9c5033672897ff43a088547ea1101a44d7b39fc328c36522eef4312ee2653b03c2a6303a846c

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        043b1567d4fac1f8f2cd12bfdc35a071

                                                                        SHA1

                                                                        aea07623240184f3b80d75c6d49ab9a8ea07ae5d

                                                                        SHA256

                                                                        1b42927e121e3c718602346163e446e0f6d9b82acc4ee04913a639823ca69e08

                                                                        SHA512

                                                                        c9fa423476ebae8959e473bcbd3b4769f82518521d3631ac93f0b3dd7a098058a1fb052168edb326ede5b6ecf84a38bffa5ca63a0e51d1bd93406169fd712f10

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        bc2742adfb0d073037c32f1bda1825b1

                                                                        SHA1

                                                                        6bbff91746228cdb7fa5e9d61ae00930be6722e4

                                                                        SHA256

                                                                        257e79b3fb943d5b8c62fdbe6a30178c88a108dce217a5c4a6f041cf59b4371f

                                                                        SHA512

                                                                        1b60199f1f3bf6ef8074410daf42275b38dc4221fbd23e861de2e6a39ae9de429e2a26ec7062edb42115319fb5e71af49845319940a6b5faf05bb6b59bc78963

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

                                                                        Filesize

                                                                        20KB

                                                                        MD5

                                                                        9b337ff5e9234825dcbae629af4bb3a5

                                                                        SHA1

                                                                        d83d6dc4d8805820b933cbbbf2c6f9519ae7cd5b

                                                                        SHA256

                                                                        fb05240884a97de5cd65f157951eb3091479786b6f27cbd4803a7a10110f6eda

  SHA512: 39f40633421826da5e0c4453cf78178d2e16dd1e59ecd4fbd7099984ac5abe937f64c564a0eb98f4aac17a0c6d0f002f5cebcd0d3a3355ba0c98b93ba60421b1

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin
  Filesize: 23KB
  MD5: 5595c6414e68ea83eaf85592f85305a8
  SHA1: ada86ec6f64817cce40a7aa169f55ed39c36f336
  SHA256: 90132f789079d863219d9b2a4633e3f08953addaf28f9fd89338f1ac926ff7ee
  SHA512: d1c3dfbfb86d56b7daadb26f5347b0726817405bd006eb771e593a00fec0d33f949aaccc144b1b6424f56749e4dd903e6ecccf8ee3cba2aed9d550be5f8a12a2

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 14KB
  MD5: cbae572bb10570b2d3f9a310f53f55da
  SHA1: b3b8c7ead5082b13ccec321aae78bcf7ddcc8675
  SHA256: 5618e93c2888880b8fe4fff698fee9dfb7b8b68a410a444ae1bb3b571ec4e607
  SHA512: 0880600a9c253501184aa80b82366e749204d4afee91b44e1067b05285aac23a424eeb3b0615d5dafd46b9a647b33b6f1ff0cc962989cbfbcc3d4693ada94013

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 14KB
  MD5: 6663c4bb235e6253bc224f6434ea9b93
  SHA1: 2d7eb240e0b983928ba1c71cc109fd15d3798a01
  SHA256: 0edbcba9983efb48cc0bdf5826e58e4663c594cddb3cf1a2c3b8b8bf23e85bc5
  SHA512: b993ea6281be2ff9c03635452aea53f419d8485f2fcbeb91d2c4bc92516f9cfadc9ec01e6682a1b80161ad37dc0e0ce7725c51c567f96e67ddb6caf2dbecfe9d

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 5KB
  MD5: 307a98f85fc562a888c4bcfbdd30cc04
  SHA1: 86aaee71a988f98c274103ae42cd294bca99f5f9
  SHA256: 89197f021c6a11bf2b39207264c9f4d69c8225fb205ef38097cc2493a0a71883
  SHA512: 25fd2d2a7b82c5fed7365413d1ae0bab1e48a4e2ebec2e1238ceba15e4c29a4856fae647a4af5319ec923117038262ed8ce8fc14116af59a52f56ba8ca9cc99b

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 3KB
  MD5: bad1cd68e4916f3387a54f94270dceb9
  SHA1: 44c514d110e96ae08aa120f999055e8d67e6aa8e
  SHA256: 5b8b6a9de558df1c3137fdc1a5ae94308c77c58ca153facf62268793051b938f
  SHA512: f332855e70d3165a2fac6fed8adef480d936c0983160fec6e35d19939408939eb49a340279bd05edda652f2e90253565274c2f31324d266854de5f9967740302

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 5KB
  MD5: 3f1f271a2d7d176708856351006db17c
  SHA1: 3ceb1071cc60a79c4b2c3c1f4a05f690bbcb3699
  SHA256: bd82da91a1b960967ceea3b552252172affe02463e4dce82973a88c57de25f13
  SHA512: 79edde7d6265c7545b6cda04a2411b98f09c4756c522d33aa8628885ac12d601b8f42558dfdb60c2db363326a717baa814c8726a85d4ae70eecf9bf3912c8372

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 6KB
  MD5: 44e5237219391d709ae1d383e50cd4eb
  SHA1: e9401a17988717c1d650bf2af5e1fd8db4a4054f
  SHA256: d1f70f3247420742e2fdfb8c79b2acbe28a624eff6f8620baebc5ee848d12aef
  SHA512: fe368eb6a9fc4a5d728f64c4af47ea6c27ebb4e56a48dc58c826f4ededd32d98d0bc597600f1983e9eee5de6c5bb444e8117b25bbc3afd8a4283e79e7150934e

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\1ed23821-0ae0-491a-bb41-8c5df1c8fa77
  Filesize: 671B
  MD5: d0b0873ee4043c18069096d213011d19
  SHA1: 1a800701871ad00766a96cb84f0a5d630cbb8949
  SHA256: 4c2ef279f0e5390762ecdfbfdf59a37ed3714d67bb9356337ccc4b16b0043315
  SHA512: 9c6ce269b95a8feb68a5128227aa748ce3740a6e16725f17adffea690811e91292bf03beb256c3debc812c87054709e0accb266c6364090dc72789353950750a

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\6d355a2a-4351-4e9a-aeb5-8db6c5a2eaaf
  Filesize: 982B
  MD5: d8c7ee92da4b9b68fcc7d043a912f25e
  SHA1: 48bc4d626c6154b4e382b65bef08572d8d06063a
  SHA256: 6203ed34a9da7de16899ad9561554469915fa06d3c5b6acc6bf74da515262f39
  SHA512: dbba81e8fec809b1a5a441d2f74d03bf1029ebe1bd404806b384e4e0b9d983881b5e567241fb03801a4da2a7180aee173b92751b85aa99f7ec2add6c72269389

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\7a7ee295-cd2c-4342-9ade-24efe0d31ad1
  Filesize: 27KB
  MD5: 7eb6248deccd462455e2b84ac92782ef
  SHA1: 98a830c82608c8007f484d20ddff8226ed3eb04b
  SHA256: 5ce2d155655efdd7280544fb1e0e9447b68178987f81180069381c13bbdd2cb9
  SHA512: 176a2b1d62e3d94978cd6f377b3bc4da0910487af9ba4bdc712ec5027f5dda064bcc854ac9a29c7d6207d55bf695158a00adc784f8a4fdadc7bd873083c9e19d

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
  Filesize: 1.1MB
  MD5: 842039753bf41fa5e11b3a1383061a87
  SHA1: 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
  SHA256: d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
  SHA512: d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
  Filesize: 116B
  MD5: 2a461e9eb87fd1955cea740a3444ee7a
  SHA1: b10755914c713f5a4677494dbe8a686ed458c3c5
  SHA256: 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
  SHA512: 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
  Filesize: 372B
  MD5: bf957ad58b55f64219ab3f793e374316
  SHA1: a11adc9d7f2c28e04d9b35e23b7616d0527118a1
  SHA256: bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
  SHA512: 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
  Filesize: 17.8MB
  MD5: daf7ef3acccab478aaa7d6dc1c60f865
  SHA1: f8246162b97ce4a945feced27b6ea114366ff2ad
  SHA256: bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
  SHA512: 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js
  Filesize: 14KB
  MD5: bbe025544bdddf62a76eca40fbb62ee6
  SHA1: 4e790b4184eeaa03d084be5ebab4be9d3d8fb534
  SHA256: 84fa115c6dc5dbac5e2b01e1463a58f4a0b0c08ca96611987551e722f20f39da
  SHA512: 4699e2fde808e5e15e40c129daa04b8b3d689358cce4a1dd1333f542bc2c2451b00f57fca871949f0f106691ddce6f77ea70b8b754367e556b4008e798625612

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js
  Filesize: 11KB
  MD5: c15e6b15c1e98722758ab6e1cf5fee3d
  SHA1: 01aec7c3d6a550cc40383a6a5357f6f885accb00
  SHA256: 4457369bf975a3f8943a979cf84be1718e7b7d3f42322bce7f281e5e0a2ef6db
  SHA512: 7800c15e222e36ddce10560c3ce691c6e5fffd283a9f4d13c0faa83a5a01cbe3d8ec8ddfaf6a260503e282cd7358f999cdf1440f6b8d7b6f90d76653b8ddc3f3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js
  Filesize: 11KB
  MD5: 5f82d6e42bbd81e681b35a907483002c
  SHA1: 7a9366d2c2cbbff64b0187267c46a248e428d10e
  SHA256: 19d2bd7bcc8850ec39ddb8c6a524e7aab883ae66f3fdf16c3b11e9fc3a73162a
  SHA512: 0398d938a32c1d18391fcbbaa595b11c504cc5ac5179ab56c63ce906591cac248a17e3000deee26dcb7e367cd077fb155f02f8c21fedacd2037cc428e2b69e18

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js
  Filesize: 11KB
  MD5: bd82d40dda99f9c488ed28397a15f47e
  SHA1: 4a1ea3c91b94635e67b41d5de80088359b173aa1
  SHA256: 2c6258552253a90755a0e06686068c94eec798e1a1ec6368a64ab40be788bf78
  SHA512: d75835b774eb5778f576ff76aa338306183c9bf25b4fcac52c935305996e3784de8dd3401b3a890290df283f8c623573c3dcdabc4ebfe865ff55996b9982cd71

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4
  Filesize: 1KB
  MD5: 43cab902c4e0a1355b596a3d3105ea23
  SHA1: 8b38eb117d565cdf44138932de7d9cf325eeab6f
  SHA256: 610ab6326719939d36da9965b909f2bff24a3891d5d7f3e22e803c357d0d03de
  SHA512: 0f7a5e36c22c0de401791586f18467e078cbca6ea1d2599cfc15e269b0cf5a9ce4b0c1f3801478f4f209353f038633727fc5055098edaf73fe201eae22bb9b56

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4
  Filesize: 5KB
  MD5: def044dabcfadc323a1e330e11af5fa0
  SHA1: 85a53129afba7f9c959c796637ca4950eb7d489a
  SHA256: 78ac5e685a152d7cb9ba8771763eb20a992006681565ad9a4cb62069b0eef9c2
  SHA512: 527af85b953381f0d029ac3519b6c118348345051f1d0884202ac381e6495b71c674a2a2bc56a3ad9101f5c2e7f99385cbaa6b3cc45b18a526731a7b20df1cac

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize: 376KB
  MD5: 338ea86ead3bdc42f13d17d0619b999e
  SHA1: a4c8ca6f61301241b6b46be310dbcbca0a117d59
  SHA256: 056b4d1953862455ac36ef76bc5269d837dfcf366aa99fced53976807131198c
  SHA512: aae9f2cb132e27e0673d87661fba902a816892cdaa225645a226cf0f7b15a1f19168c99f133daf096f15dd267a2eb7f248aa3f80adfefc914cce0c495e0982e6

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize: 1.1MB
  MD5: e1c78baa219ca5cffe2541c855948b32
  SHA1: 5ab5f26696147e8b73cfe317dd3f1809140c4e0c
  SHA256: 00adc62d2be34cca56d424dd0ac8634299e38a61021157f2d40989e73ffc1908
  SHA512: 63ed76fa616be8f29085f87027b184d3f7b558253bd0559da9c3caf5cce4118db20878ba3bf3d727e8dc0aaf629731ff6ab2364464713ed48c7465f0650221c8
• \??\pipe\crashpad_3440_FVITBRKYTFMXILSL
  Filesize: not reported (all four digests below are those of zero-length input, i.e. the named pipe had no content to hash)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
• memory/1296-60-0x0000000000EE0000-0x0000000000F16000-memory.dmp
  Filesize: 216KB

• memory/1296-77-0x0000000006040000-0x000000000608C000-memory.dmp
  Filesize: 304KB

• memory/1296-61-0x0000000005150000-0x0000000005778000-memory.dmp
  Filesize: 6.2MB

• memory/1296-62-0x00000000057B0000-0x00000000057D2000-memory.dmp
  Filesize: 136KB

• memory/1296-82-0x0000000006F60000-0x0000000006F82000-memory.dmp
  Filesize: 136KB

• memory/1296-63-0x0000000005950000-0x00000000059B6000-memory.dmp
  Filesize: 408KB

• memory/1296-81-0x0000000006F40000-0x0000000006F5A000-memory.dmp
  Filesize: 104KB

• memory/1296-80-0x0000000006FE0000-0x0000000007076000-memory.dmp
  Filesize: 600KB

• memory/1296-83-0x00000000076D0000-0x0000000007C74000-memory.dmp
  Filesize: 5.6MB

• memory/1296-64-0x00000000059C0000-0x0000000005A26000-memory.dmp
  Filesize: 408KB

• memory/1296-75-0x0000000005B30000-0x0000000005E84000-memory.dmp
  Filesize: 3.3MB

• memory/1296-76-0x0000000006000000-0x000000000601E000-memory.dmp
  Filesize: 120KB

• memory/1320-17-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1279-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1006-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-19-0x0000000000E81000-0x0000000000EAF000-memory.dmp
  Filesize: 184KB

• memory/1320-1148-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1238-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1266-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1068-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1071-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1235-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1086-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-358-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-1138-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-732-0x0000000000E80000-0x000000000134F000-memory.dmp
  Filesize: 4.8MB

• memory/1320-91-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1320-768-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1320-1118-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1320-412-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1320-21-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1320-20-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1584-1088-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1584-1089-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/1828-1268-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/2196-3-0x00000000001C0000-0x000000000068F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/2196-4-0x00000000001C0000-0x000000000068F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/2196-18-0x00000000001C0000-0x000000000068F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/2196-0-0x00000000001C0000-0x000000000068F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/2196-2-0x00000000001C1000-0x00000000001EF000-memory.dmp

                                                                        Filesize

                                                                        184KB

                                                                      • memory/2196-1-0x0000000076F44000-0x0000000076F46000-memory.dmp

                                                                        Filesize

                                                                        8KB

                                                                      • memory/2484-78-0x0000000000400000-0x000000000247A000-memory.dmp

                                                                        Filesize

                                                                        32.5MB

                                                                      • memory/4840-554-0x0000000000400000-0x000000000247A000-memory.dmp

                                                                        Filesize

                                                                        32.5MB

                                                                      • memory/4840-639-0x0000000000400000-0x000000000247A000-memory.dmp

                                                                        Filesize

                                                                        32.5MB

                                                                      • memory/6052-531-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                      • memory/6052-514-0x0000000000E80000-0x000000000134F000-memory.dmp

                                                                        Filesize

                                                                        4.8MB