Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10-09-2024 14:12

General

  • Target

    0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608.exe

  • Size

    1.8MB

  • MD5

    5bfca15aa84b99438a129e0ecaca71c9

  • SHA1

    85105b5989d512fcc2e3b221ecceb1e71b6585b3

  • SHA256

    0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608

  • SHA512

    55af92d4906f1c3f5e2156f4c7090996859514ea44d2adf37b2dcec8d12e03bfef3d366eb6fed55e96079f86c3e92f4a033d6a68aa810460113abbe9affd6231

  • SSDEEP

    49152:RwlsOTS+WEawXwvwfU/ISghvH6HO2OgDujjCEYdz3Q6y:63pwYO+hvH6HO2O5jjC9U

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

c7817d

C2

http://31.41.244.10

Attributes
  • install_dir

    0e8d0864aa

  • install_file

    svoutse.exe

  • strings_key

    5481b88a6ef75bcf21333988a4e47048

  • url_paths

    /Dem7kTu/index.php

rc4.plain

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php
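The two extracted configurations give this sample's network indicators, and the General section gives its file hashes. The script below is an added example, not part of the Triage report, that turns those indicators into a small hunting routine: it matches file hashes against the dropper and scans HTTP proxy log lines for traffic to the Amadey and Stealc C2 hosts and paths. Only the indicators are taken from this page; the proxy log format (one request per line, space-separated) and the sample log lines are constructed for the example.

```python
"""Hunt for the Amadey / Stealc indicators from this report in HTTP proxy logs.

Added example; not part of the Triage report. The C2 hosts, URL paths and
hashes are copied from the extracted configs and General section above. The
proxy log format (one request per line: "<ts> <client_ip> <method> <url>
<status>") and the sample lines are constructed for this example.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Network indicators from the extracted configs on this page.
C2_INDICATORS = {
    "amadey": {"host": "31.41.244.10", "paths": {"/Dem7kTu/index.php"}},
    "stealc": {"host": "185.215.113.103", "paths": {"/e2b1563c6670f193.php"}},
}

# MD5, SHA1 and SHA256 of the dropper from the General section, lower-case.
KNOWN_HASHES = {
    "5bfca15aa84b99438a129e0ecaca71c9",
    "85105b5989d512fcc2e3b221ecceb1e71b6585b3",
    "0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608",
}


def is_known_sample(hexdigest: str) -> bool:
    """True if an MD5/SHA1/SHA256 hex digest (any case) is the dropper in this report."""
    return hexdigest.strip().lower() in KNOWN_HASHES


def classify(url: str) -> Optional[Tuple[str, str]]:
    """Map a URL to (family, confidence) when it touches a known C2.

    "high": host and exact C2 path match; "medium": host only, still worth a
    look because operators can rotate the path without moving the host.
    """
    parts = urlsplit(url)
    for family, ind in C2_INDICATORS.items():
        if parts.hostname != ind["host"]:
            continue
        return family, ("high" if parts.path in ind["paths"] else "medium")
    return None


@dataclass(frozen=True)
class Hit:
    family: str
    client: str
    url: str
    confidence: str


def hunt(log_lines: List[str]) -> List[Hit]:
    """Return one Hit per proxy log line whose URL matches a C2 indicator.

    Malformed lines are skipped instead of raising; real proxy logs contain them.
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, client, _method, url, _status = fields[:5]
        result = classify(url)
        if result is not None:
            family, confidence = result
            hits.append(Hit(family, client, url, confidence))
    return hits


# Constructed sample log: two C2 check-ins, one host-only match, benign traffic
# from the browser windows the sample opens, and a malformed line.
SAMPLE_LOG = """\
2024-09-10T14:12:31Z 10.0.0.7 POST http://31.41.244.10/Dem7kTu/index.php 200
2024-09-10T14:12:35Z 10.0.0.7 GET https://www.youtube.com/account 200
2024-09-10T14:12:40Z 10.0.0.7 POST http://185.215.113.103/e2b1563c6670f193.php 200
2024-09-10T14:12:44Z 10.0.0.9 GET http://31.41.244.10/ 404
garbage line
""".splitlines()

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"[{hit.confidence}] {hit.family}: {hit.client} -> {hit.url}")
```

The host-only "medium" tier is deliberate: a 404 from a bare request to the Amadey host is not a beacon, but a client that reaches a C2 host at all is a host to triage, and treating path as the only discriminator would let a rotated `url_paths` value slip past.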

Signatures

  • Amadey

    Amadey is a simple bot/loader: it collects basic reconnaissance about the host, reports it to its C2 and downloads and runs additional payloads; in this run a Stealc configuration was also extracted (see Malware Config above).

  • Stealc

    Stealc is an infostealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 14 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 6 IoCs
  • Identifies Wine through registry keys 2 TTPs 7 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Executes a command or script through powershell.exe.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 14 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
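The signatures above name behaviours without showing how they surface in endpoint telemetry. The following Python is an added example, not the sandbox's signature code and not part of this report: it runs a handful of rules over a constructed list of Sysmon-style events and flags the registry fingerprinting (VirtualBox ACPI, BIOS, Wine), the Run-key persistence, the PowerShell script run from the user profile and the browsers launched by PowerShell with an account URL, as seen in the process tree below. The event field names and the registry paths in REG_CATEGORIES are assumptions (the report lists only signature names and IoC counts, so the paths are the well-known keys such checks read); the PIDs 4444 and 5555 are constructed benign controls, the other paths and PIDs are taken from the process tree.

```python
"""Detection logic for the evasion, persistence and browser-launch behaviours
named in the Signatures section above.

Added example; not the sandbox's own signature code and not part of the Triage
report. Runs over constructed Sysmon-style events. Event field names and the
registry paths in REG_CATEGORIES are assumptions (well-known VirtualBox ACPI,
BIOS, CPU, Wine and locale keys), not values taken from the report.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Registry locations read by VM / Wine / hardware / locale fingerprinting (assumed).
REG_CATEGORIES = {
    "virtualbox_acpi": r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    "bios": r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)",
    "cpu": r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\",
    "wine": r"^HK(LM|CU)\\Software\\Wine",
    "geo": r"^HKCU\\Control Panel\\International\\Geo\\Nation",
}
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)
PS_FILE_ARG = re.compile(r"-File\s+\"?([^\"]+\.ps1)", re.I)
URL_ARG = re.compile(r"https?://\S+", re.I)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

Finding = Tuple[int, str, str]  # (pid, rule, detail)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(events: List[Dict]) -> List[Finding]:
    """Apply the rules to the events and return (pid, rule, detail) findings."""
    findings: List[Finding] = []
    probes = defaultdict(set)  # pid -> fingerprinting categories it read
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "reg_read":
            for name, pattern in REG_CATEGORIES.items():
                if re.match(pattern, ev["key"], re.I):
                    probes[pid].add(name)
        elif ev["type"] == "reg_set":
            # Run-key value pointing into the user profile (svoutse.exe persistence).
            if RUN_KEY.search(ev["key"]) and USER_WRITABLE.search(ev["data"]):
                findings.append((pid, "run_key_persistence", ev["data"]))
        elif ev["type"] == "proc_create":
            image, parent = basename(ev["image"]), basename(ev["parent_image"])
            script = PS_FILE_ARG.search(ev["cmdline"])
            if image == "powershell.exe" and script and USER_WRITABLE.search(script.group(1)):
                findings.append((pid, "powershell_script_from_profile", script.group(1)))
            url = URL_ARG.search(ev["cmdline"])
            if parent == "powershell.exe" and image in BROWSERS and url:
                findings.append((pid, "script_launched_browser", url.group(0)))
    # One BIOS read is normal (inventory agents do it); the same process also
    # looking for VBOX ACPI tables or Wine keys is what makes it a sandbox probe.
    for pid, cats in probes.items():
        if len(cats) >= 2:
            findings.append((pid, "sandbox_fingerprinting", ",".join(sorted(cats))))
    return findings


# Constructed events mirroring the process tree in this report (paths and PIDs
# 1192/1624/1772 from the tree; registry keys, value data and PIDs 4444/5555 assumed).
SVOUTSE = r"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
PS_EXE = r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
PS_CMD = (r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy '
          r'remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1"')
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"type": "reg_read", "pid": 1192, "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "reg_read", "pid": 1192, "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"type": "reg_read", "pid": 1192, "key": r"HKCU\Software\Wine"},
    {"type": "reg_set", "pid": 1192, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svoutse", "data": SVOUTSE},
    {"type": "reg_read", "pid": 4444, "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},  # benign agent
    {"type": "proc_create", "pid": 1624, "image": PS_EXE, "parent_image": SVOUTSE, "cmdline": PS_CMD},
    {"type": "proc_create", "pid": 1772, "image": CHROME, "parent_image": PS_EXE,
     "cmdline": f'"{CHROME}" https://www.youtube.com/account'},
    {"type": "proc_create", "pid": 5555, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": f'"{CHROME}"'},  # benign: user-launched, no URL, not from a script
]

if __name__ == "__main__":
    for pid, rule, detail in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule} ({detail})")
```

The fingerprinting rule counts distinct categories per process rather than firing on a single read, which is what keeps it quiet on inventory and driver software that legitimately reads the BIOS or CPU keys; a process that reads the BIOS key and then also looks for VirtualBox ACPI tables or Wine keys has no benign reason to do so. The browser rule keys on ancestry and an explicit URL argument because, as the tree below shows, the browsers themselves are legitimate binaries doing ordinary things once launched.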

Processes

  • C:\Users\Admin\AppData\Local\Temp\0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608.exe
    "C:\Users\Admin\AppData\Local\Temp\0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
      "C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1192
      • C:\Users\Admin\AppData\Roaming\1000026000\916e1f362f.exe
        "C:\Users\Admin\AppData\Roaming\1000026000\916e1f362f.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3084
      • C:\Users\Admin\AppData\Local\Temp\1000030001\e83a5a7d6f.exe
        "C:\Users\Admin\AppData\Local\Temp\1000030001\e83a5a7d6f.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1056
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1624
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
          4⤵
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:1772
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffca423cc40,0x7ffca423cc4c,0x7ffca423cc58
            5⤵
              PID:432
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1912 /prefetch:2
              5⤵
                PID:3944
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2180,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1772 /prefetch:3
                5⤵
                  PID:2596
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2424 /prefetch:8
                  5⤵
                    PID:2080
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3176 /prefetch:1
                    5⤵
                      PID:5412
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3200 /prefetch:1
                      5⤵
                        PID:5428
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4016,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4028 /prefetch:1
                        5⤵
                          PID:6868
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4792,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4784 /prefetch:8
                          5⤵
                            PID:6812
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4732 /prefetch:8
                            5⤵
                            • Modifies registry class
                            PID:6588
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5124,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5140 /prefetch:8
                            5⤵
                              PID:6564
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5292 /prefetch:8
                              5⤵
                                PID:6436
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=836,i,17955473975995670984,1922106103395341656,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5260 /prefetch:8
                                5⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:6448
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                              4⤵
                              • Suspicious use of WriteProcessMemory
                              PID:3932
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffca423cc40,0x7ffca423cc4c,0x7ffca423cc58
                                5⤵
                                  PID:1904
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account
                                4⤵
                                • Enumerates system info in registry
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of WriteProcessMemory
                                PID:4480
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca35146f8,0x7ffca3514708,0x7ffca3514718
                                  5⤵
                                    PID:3056
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
                                    5⤵
                                      PID:3100
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
                                      5⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3856
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
                                      5⤵
                                        PID:2200
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                                        5⤵
                                          PID:5564
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                                          5⤵
                                            PID:5572
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
                                            5⤵
                                              PID:5216
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
                                              5⤵
                                                PID:6480
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6520646249591142377,3950589832309380062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
                                                5⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2460
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                              4⤵
                                              • Suspicious use of WriteProcessMemory
                                              PID:2780
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffca35146f8,0x7ffca3514708,0x7ffca3514718
                                                5⤵
                                                  PID:940
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16546881696583460005,1387190003307850865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
                                                  5⤵
                                                    PID:2320
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16546881696583460005,1387190003307850865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
                                                    5⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1480
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                  4⤵
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:116
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                    5⤵
                                                    • Checks processor information in registry
                                                    • Modifies registry class
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    • Suspicious use of SetWindowsHookEx
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:4740
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46fa85bc-e387-41da-ac42-3da37e0328bf} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" gpu
                                                      6⤵
                                                        PID:4900
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc9e643a-e1e0-47bc-a76d-d6450bd6a4e6} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" socket
                                                        6⤵
                                                          PID:4928
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2844 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 2940 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12c45b37-16b0-42ec-95db-02160b98dbcf} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" tab
                                                          6⤵
                                                            PID:5500
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3608 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17dbe867-4cf6-4b11-9b42-4012e82ec292} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" tab
                                                            6⤵
                                                              PID:5768
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4016 -childID 3 -isForBrowser -prefsHandle 4008 -prefMapHandle 3636 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9414ffb2-73fe-48ff-b129-296af0bc72bc} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" tab
                                                              6⤵
                                                                PID:5940
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4952 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4824 -prefMapHandle 4948 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e14c808c-6c86-4751-a14e-1c7237876814} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" utility
            6⤵
            • Checks processor information in registry
            PID:6756
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 4 -isForBrowser -prefsHandle 5936 -prefMapHandle 5920 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09934ff5-aa54-4b52-8fac-d1858c7d72b8} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" tab
            6⤵
            PID:6556
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6068 -childID 5 -isForBrowser -prefsHandle 6076 -prefMapHandle 6080 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {815b665e-6d91-43d8-8447-be3de35e0d7e} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" tab
            6⤵
            PID:6580
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6180 -childID 6 -isForBrowser -prefsHandle 6312 -prefMapHandle 6316 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41311afd-3c78-4501-a4e1-9b511c79cc1d} 4740 "\\.\pipe\gecko-crash-server-pipe.4740" tab
            6⤵
            PID:6604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
        4⤵
        • Suspicious use of WriteProcessMemory
        PID:3280
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
          5⤵
          • Checks processor information in registry
          PID:3844
• C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
  C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
  1⤵
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
  • Checks BIOS information in registry
  • Executes dropped EXE
  • Identifies Wine through registry keys
  • Suspicious use of NtSetInformationThreadHideFromDebugger
  • Suspicious behavior: EnumeratesProcesses
  PID:4364
• C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  1⤵
  PID:6128
• C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  1⤵
  PID:7060
• C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  1⤵
  PID:5812
• C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  1⤵
  PID:1588
• C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
  C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
  1⤵
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
  • Checks BIOS information in registry
  • Executes dropped EXE
  • Identifies Wine through registry keys
  • Suspicious use of NtSetInformationThreadHideFromDebugger
  • Suspicious behavior: EnumeratesProcesses
  PID:4868
• C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
  C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
  1⤵
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
  • Checks BIOS information in registry
  • Executes dropped EXE
  • Identifies Wine through registry keys
  • Suspicious use of NtSetInformationThreadHideFromDebugger
  • Suspicious behavior: EnumeratesProcesses
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
  Filesize: 40B
  MD5: 8443833de2902fb02c86c846d732af84
  SHA1: 1ec619adbd182f18925bc38a333a548033d82c46
  SHA256: 973d5f5d1fef1a275b7a31bdf41d1d62181de8cd5796ca1be0a2f201633d3026
  SHA512: 0134bcec90cf79714fc69f3b4aa87f1e79d4be0fb2995c841f479c851ece54b7ea6f51f8878e9fab70425a1efbff089377406460bee893363467f6ad3c0cd9a8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
  Filesize: 649B
  MD5: 206e3b0d530e56fbaaa35fcdfb4ffbde
  SHA1: 4ac3ee23bfff6cc4fe81c2826b1b14e92e55861a
  SHA256: c3323a5d597d1d81a2dc5a7a090ab4f8c28b00263dec10449f6814a834110019
  SHA512: e1ef6fbdeb218be063066cccec66bef6e522b30fcb667356a9cc586317074555f862477078f84de1ed7806743bcd74813910334ad2c37cbbcc34798be1dbb913

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 552B
  MD5: ea9f85983160cd2afc246166c3164d42
  SHA1: 4e4ce8314b9540cba2a5d8e7acad5a186e5d2d0d
  SHA256: 11be4ca46a89b55f3c4e98e90bda87a69f1a39c79d7b027ad2558fb576696dd0
  SHA512: b7a80d07d3fd0c9f654cebdcff88294f8a030058a87001d79f94dfe5da6fcd270deeaf946084c5f5ed4a24f48082437877a327ba9ae3582e48ee4f349fcf33e7

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 5KB
  MD5: 79b85fe429338d0c08c2ad90e57ef643
  SHA1: dba28cc2cb63e633e6d38287cb2c3325b1aae376
  SHA256: d329a81c2cbd11b329269ac6a5f1cad82952b193874a72deff1fa8b97b87537d
  SHA512: 88deda7d995654a6216ee7a751879a02c4417ada071e989fa0a3e27803cd5e55d502e530aecb11bb74881418421826982ccef260624c8646925e2c137bfbc974

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
  MD5: 93ef23153fd382c292e51a9b24dffdfa
  SHA1: e46682977049d65bad0e824ddadb168fc1b53c22
  SHA256: 75e6b2ea660f3750d1ee2c01234d557b8b03a1d8f3c3df559415aba330bf8fe8
  SHA512: 1e1a68d1e5384033ad5ed89f970bcf5102ac5b473a7aa5c3e982273561504c3fd7c334b7e637f80e73cfc21e10f0c5a5f41856fd5702e8d40449f58b0da3340f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 4KB
  MD5: e55f67dca2d40be80d6698936e597af9
  SHA1: 3bf86d5dc0427b2323cbfcf129f06a60a16441ab
  SHA256: acc8ccdf011c4db17e902d5ceb458903add8fc3d7b8cb2f4794092f660eb2163
  SHA512: a82caf195286e3d534b299a02dbfdf444c0d6ebcf47066363cb5940d6d3de2ffe351019a3a9d18eba965b4f76b636ff93a2ad363d9abaa783f13340c7ae2f7f7

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 522B
  MD5: 4b3e80251cf4754fc5a8bbcc90e0fa15
  SHA1: a46d46a7acf7499b114d446e32803ce5507c30ac
  SHA256: 4940415639f446fc9afca0a9e80643d2a84434c7f5f04ce5b3bff350315a47ff
  SHA512: da36a80d503e6cf15f5c505d30d08cef6cfd21f6ea5cc268ac558f00595fe3e3ba1781a72142e05c143b49ad4e26631f3e2287cf29fdfcc466090417b152e622

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 520B
  MD5: 01ed495462787abdffcb6b3d4be593d4
  SHA1: e26760e2e62938d05e2bd689728abd68179dcaac
  SHA256: 40aa626b02e4f371d0fe1301fad54dcce7c08e93ca52b2b230cf86d7381f6f72
  SHA512: d699f67a371eb7f979ff94bcf6d06005d285924c55197e9504b43a0cca363724bc1e0c9f3c26631ca2b1da1bf7f2228a17d5a40c3a2aafeb2f3770359472853a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 522B
  MD5: c01c2d6b11d70a376583a233b906a5ea
  SHA1: fe9a999b768c138dab4321acc1b2dcefce306875
  SHA256: e8f22f9bbba46b1a7a8be2bcb9098ea034d65919ce9ecac33474464f67aa3844
  SHA512: 2ee20fefbfa84198e0ecdededd07d544d61d9a9f999ffdcaffea209159d109419de197052349901a6692e5e747d77126330785bbd6975eaab0369cbfd75df9c6

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: 0ffe543d3fcb2bf9b4993354f4295b0d
  SHA1: e9a430a62ffd5915e462285a9ef5c81ea195825f
  SHA256: 48523d7f35fd5933c79f15280e97fd8fc6c2dfdbdfb98738b6da9ac8541fe84e
  SHA512: 4a017fe2ffcda8dd38adde0a43a7e12aabb6b6f6afb17f29dd81384cb1a0b8d4a14d9f148eba13e3c3f34db4a1efa8f003c2d289cfaaa4ccb205b5c26e511f16

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: a82d5f0d4615dd56e72b844a4208f17d
  SHA1: 8accec908fbe986fda10b4c89974940551a71946
  SHA256: 115255809eb9d3f3c69b83d8f17449dcd0eb3b1728af0135353b9f10eedc9b66
  SHA512: ba16fee7dd55a7588f24d194abb7fa5b646ba054f6d99d5383b8cbd1910b6c71a5987a9c3d56d07541c63d2777e75a52d5e026f6aa11d85d694b9b4e60ac6739

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: 9b043c927db6693432cf6352994f4c1b
  SHA1: 404395ec6b1af09e1b1c74f6a99f2c300ca78678
  SHA256: 73eab72e2f0be50320160cf71f24cca7ed84ff7fb9bbcf3cc4e8d0e78091b030
  SHA512: c933325a526075304984139c72ac11ef9d28c3a07eb74c5f70a5040bc7315c309c98d44fae06cc80503103fa2141e3ede0e53297f63c0873fbfbbed788f278ff

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 30220ce7bac1991c6b16e6e2b95d891f
  SHA1: 91b22a4485b2a4db9f353aef6190f64ba2a9ff8d
  SHA256: 874899f2184cbf697c9998a9aefe759f4741ed71068cfd4fc4cca38435bc1602
  SHA512: 16281056323e75d4d656eea2438a3051773995b7ac6b96d2da89494652772bbd8b1f8c4efb48c09f85ac1d4b25a9fff1ac514c27722dec318f66a57b7d911931

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 16eb2ddb5ca406eff9cbac99c9f6e985
  SHA1: c45fa48561fc385b89a100f711e7109f2eb83c72
  SHA256: fddbd0dd028fa0121a96f59004d0dccf1f38b3e187ce6fb3aed3e8211cd7a4b1
  SHA512: 1d1fff1e42744cbc93705ac02d13c86afd13d1c8c450dc5056875ffd2dbfbeedc596f1145d4e8a5ebdbbcb681bfb6c0b4a3d4f312a97ba2b46a9ded461ea6337

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: a54dfcfd9a8b9506f9b1ac9988232891
  SHA1: 13bd939964a1616a830e98a0e47d935aa59c1161
  SHA256: 95d541619cbe25bbbdcd8cb4b60d0e89f6d3441f6d55aa2b982ef2dea2c164d1
  SHA512: c02070f5a420c1d75cf583a2be3b348b56ded643d4888dd841ced301e0e15a50ea70306534fd155245ea0574ad658664b3c85accc5cd0108f08ab80aece64f46

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: 748357c1f8a1ec660165e3a8387ba913
  SHA1: 9dbaa1b6b4d25d1798233f360f320b97d184d216
  SHA256: c98fc2c9d8074ced112c68f88e15e8cb3454cc74a1fbf36987c4d0ad6d06321e
  SHA512: 4e27a7a1f68efec9e343f1f72c3dd000e94b7743ec062b3140bde880abdb82bb4d69fa8e9d97f19fb2bde669eb8c046f3fad3160fb31c9684fe8158e5035470e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: 3c25318f171b5b2e1949b6657b5aeb6b
  SHA1: 2492134ef2d416f156b615976ca6826d4761aa3e
  SHA256: 346217aef9d27b7312b7a9b640b0dea20523ae4e89123305fa49a82670e02aca
  SHA512: 856799503b12208663ab78300a7129b81db14d356b6311c0460e7a09d64ca9c120e13e71455a062b809f701b2c06f4a48b8d113e0516fc6d3d2f12ba887f55d0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: e20fe2e3cab28d5153670e41788ba1d8
  SHA1: 384cdc82211f8167a2587bc2daa17f09c9e15634
  SHA256: 8f99571a566ee86f28af96f8c1bad9cf466bb0804198a828e1478530a72c8c83
  SHA512: edd42608a3b427596da7dc1318372d06417cb090e78d9440a87d0444df2158e094428c36137a28c3ff6df6dc0be8931fc689ef0e97188a89507888e4e215b9d1

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 15KB
  MD5: c9901bb3550779656c957ecc731a2aef
  SHA1: a2fa7a1d897023a1224c8bc70adac01fe91227c9
  SHA256: 1f835e3989ed004a549c95b15458d9cd044c1abbc454bdccd8613c6c71403728
  SHA512: 862ae46717cca44b0ab7e86933108071b356e48ea7aea047cb21b242808210a170e19fdae19aa97593a8e07149ec435053539765bdb59f33c6be2ce29c074896

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 206KB
  MD5: d75c2058df1b1e46b4211746e6bd2b4f
  SHA1: bee7e52585f69464ff5d34d7772cc8ddeb3e9d5f
  SHA256: 1ecd61d08535889ddcf574f9409339e25235e6144cfe52dd33037e48c16ee89e
  SHA512: 150cd1a08b3dc5d84538a86e1f36291aaa4d25b811a3aa4f61aa72a422c01b88b863ff35fbda9a77d0f872e218d61cf1ba5672b82a3041166e7979a572579e28

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 207KB
  MD5: 5d31c5bc54a07aa2c528417468286826
  SHA1: dea2cb3827a277feaad17c5a25a49f01eaae8f38
  SHA256: a3442946b71d9ef8cae20017883e941fdba7d84692b9618e44274876479fa91f
  SHA512: 77264a0ec30f35146057b70872e95179c55c243b7a5c932b7cff8e30c93e44e88420406b9abc8efeaa8257a157c6e3938a594a4a03e84a213c7a1d8f70329b76

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 27304926d60324abe74d7a4b571c35ea
  SHA1: 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
  SHA256: 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
  SHA512: f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 9e3fc58a8fb86c93d19e1500b873ef6f
  SHA1: c6aae5f4e26f5570db5e14bba8d5061867a33b56

                                                                    SHA256

                                                                    828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

                                                                    SHA512

                                                                    e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                    Filesize

                                                                    51KB

                                                                    MD5

                                                                    f61f0d4d0f968d5bba39a84c76277e1a

                                                                    SHA1

                                                                    aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

                                                                    SHA256

                                                                    57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

                                                                    SHA512

                                                                    6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                    Filesize

                                                                    32KB

                                                                    MD5

                                                                    e6fd019802e4caf75cc550b3df828db0

                                                                    SHA1

                                                                    f8a85e905b071c3b4309c345e52ebd60f31778b9

                                                                    SHA256

                                                                    9a4d03b9c6e9951eb4b28e4d1137d395ffe902e82a5713c9e5179463d5351f25

                                                                    SHA512

                                                                    3439e2be3a5146362cc0ac40e9a5c1c55887be0177d7fe5c6b4cafdc3a17c52c72055247dd8bf7d6d0423f816fb2ec4df1b69d222a3ade8fe023fb8b3eaa5b79

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                    Filesize

                                                                    38KB

                                                                    MD5

                                                                    d2d2809abccb934fdaeb28495aad6cc0

                                                                    SHA1

                                                                    bb45cdb313bef33258c77fe2bc7a355b091bae61

                                                                    SHA256

                                                                    1140160bac9d000fe420508a039047da882dd4e754d87969ccae9226677ff312

                                                                    SHA512

                                                                    bc117aa72314a6cba24625b3ebfd8966aac7e70c026007130721b01321cf5b3b1a89884d713b7985f79602fdf3a8c11dd8190813df44b87914834be4cb95dc86

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    504B

                                                                    MD5

                                                                    d1d1f6be75e09a24bc6d8625f56dacc0

                                                                    SHA1

                                                                    9c38afadb26d4b38cba658da41e65e01c12e5e84

                                                                    SHA256

                                                                    ed7e1c9fc3b22a0ab078539a5fee15be65a895ea897e56b71393f808708ef9ac

                                                                    SHA512

                                                                    c5780641cd8268ca4650de4b19cc6294d952e7b4d3f2a78f918ca53e47683ed65279db13cc055bd2f6517ac48876f9e6844dd5b04a4bebbef090a9897c853401

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    2371d6f84a044192e0ef2f082a345ae8

                                                                    SHA1

                                                                    08affdc52f1417ad648b56f05577b5ee799aff19

                                                                    SHA256

                                                                    98b89956ae14ef2708f8a7703de7a90ce79a0442fa2e10787fe4a7a443a4edfb

                                                                    SHA512

                                                                    3bd123898812ea6ed614f442617937e3e26bf1819f3f47d6aa5b540c840e606a3245273d3c1c4b82b44e71216581ef46307c28bf0583da60023481c964f29967

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    153d72926a90a25f1c0518b72bf20bc9

                                                                    SHA1

                                                                    8e3de2c8836e409654ccf980a7a68ed78aba5c10

                                                                    SHA256

                                                                    d1e7a1e2c29d542673a21b258ca54648008a965d220f44a69561468dba6ef432

                                                                    SHA512

                                                                    0b8c968ad269f4261e1a9430da4d206e986f999f1e1f7d1f816326b36ed90298177e9263ee5001234a1a571f71b87ca855f2a638ab72d244ab7db617b3fd679b

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    d49746b1208267351add7364185341a3

                                                                    SHA1

                                                                    fc9799405d4b3b5fb2e066d0a5e7af4d3e6c138e

                                                                    SHA256

                                                                    59b74f05a73d6a98ffc49d661ef550e6dc9ce928f825bf8ea63ce104852608e9

                                                                    SHA512

                                                                    3b5b518621d8ae1ae7a7db302ecd3e0c72a1af884f872412f03ebfacbee0e41a436b3c47abb0234560d3a77add67a9f2e8cae3887247a7da85d84bc48f72a848

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    eac459becaeb3e50be6c28a2debf2d5b

                                                                    SHA1

                                                                    08c1042c1da955012bb53497e19585aa1d7b7bdc

                                                                    SHA256

                                                                    d373f66fe698cb4f63ec9311c13bc717ab3150172b221808241c83471ef81b0a

                                                                    SHA512

                                                                    1a684af0455acf4de89301881ad1075e65846300bfb8273f8d9f02a79bbd83974ee267bf36462e967a6aadb23fb7b4a2b0aef3d0f979f0228942a26e9062d3ae

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                    Filesize

                                                                    539B

                                                                    MD5

                                                                    1cb5e33a9c2708e0c588b13b3fa20ab6

                                                                    SHA1

                                                                    fb5e166c67cc6875c5457bc49ff8f1eaa2f18c4a

                                                                    SHA256

                                                                    0904928bd033eb924bad68359d932f64638996dfaed87dc838feec8fb1faeea4

                                                                    SHA512

                                                                    9bc6dab6a9c1e8a4b9be8096978c47cfcc00bce749ea46a176e0349297c860e5ae90ea26d2a402c231feaa9b6c7d6edb814094aa432598f0116e1eb9002b6412

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581279.TMP

                                                                    Filesize

                                                                    539B

                                                                    MD5

                                                                    ed27e76b3541eb04b0d3e004bf635811

                                                                    SHA1

                                                                    28bb841d97a698778a5f7583eb09bd9dd0c26d0a

                                                                    SHA256

                                                                    2e481c03e40f3fa91256138f3a03248e1537802542e8a86aa22991ebc3383890

                                                                    SHA512

                                                                    298fcd3f9cc98d2a025e0ae3ee41b4549fc257e0091a3694736f504f6a6f9b133014ff2676d4dec4649b1cf1bddf33b0d64cd94fc8264f6dad60a50b9216c7ec

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    10KB

                                                                    MD5

                                                                    4af5fbdae9abbe5964efb1801bade7ce

                                                                    SHA1

                                                                    91727d0454b35e67476e7be7d412f2e1440c7ea5

                                                                    SHA256

                                                                    74a07178a702d247c56f0fa88c6cdffb7bafb4c55aed440303aeb00565badb7c

                                                                    SHA512

                                                                    96d5c4773d99fcc9252e49e5bbae7bacc846a2d5c3b5d3e5096c5fe6fd4d8f34874e994b5765bbace510f589fcd18a625e9a1df96c728fe32a1ae8383e2bce66

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    8KB

                                                                    MD5

                                                                    4a23204d534c6473337e48020682efe3

                                                                    SHA1

                                                                    9dd07bbf628625e5c91c41e65dd081d243920d93

                                                                    SHA256

                                                                    53df3e7fbdf349bbae855a836a5ce72f95e95f161b430057796ee22ada688910

                                                                    SHA512

                                                                    b0966563625c0793aa8d47c5f37bee72fd1b479c68357d4b1b6d279af3eea85b5f1764a59db3149f563e71e24860ecb6e6a83fe4c75c5fd7eae6ff04bceec1df

                                                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

                                                                    Filesize

                                                                    13KB

                                                                    MD5

                                                                    bccc03df1c20d8f0f53583694d6de8d4

                                                                    SHA1

                                                                    2a6d07292fd02f7d94aef8215911763fc8e21c3c

                                                                    SHA256

                                                                    3791bcd30c128649ca48ce11c831ee37a37f2fb8429e519e49c156dce1e5de4c

                                                                    SHA512

                                                                    b1e39b75c1dfc23da3bb0ebb1726d479b4694be5d8ca4e701be5743c2256cff3436591656effe11fe57143c0fb4ac107c179a6d0b23f5fd19c1d0f12e8d97276

                                                                  • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

                                                                    Filesize

                                                                    1.8MB

                                                                    MD5

                                                                    5bfca15aa84b99438a129e0ecaca71c9

                                                                    SHA1

                                                                    85105b5989d512fcc2e3b221ecceb1e71b6585b3

                                                                    SHA256

                                                                    0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608

                                                                    SHA512

                                                                    55af92d4906f1c3f5e2156f4c7090996859514ea44d2adf37b2dcec8d12e03bfef3d366eb6fed55e96079f86c3e92f4a033d6a68aa810460113abbe9affd6231

                                                                  • C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1

                                                                    Filesize

                                                                    3KB

                                                                    MD5

                                                                    1f5ac0c26ba396b7af106e48db46ebcd

                                                                    SHA1

                                                                    5b504936cf427af26479bb1c0ec275a2fc77270a

                                                                    SHA256

                                                                    280d4f5ce7d8f2a3551ab509ad321971ff8eda76dad33ffae5b8961070209cef

                                                                    SHA512

                                                                    65eed3f167c83f53b7e2474dd5b2ab58c7dc7ddedbe89fafc016cd1441dfd02e5c92de3dfb9e2f0ca98b8f438779868999e3212ef64210fde27072e7ad64f68e

                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_50pzgyvp.zdd.ps1

                                                                    Filesize

                                                                    60B

                                                                    MD5

                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                    SHA1

                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                    SHA256

                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                    SHA512

                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                    Filesize

                                                                    479KB

                                                                    MD5

                                                                    09372174e83dbbf696ee732fd2e875bb

                                                                    SHA1

                                                                    ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                    SHA256

                                                                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                    SHA512

                                                                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                    Filesize

                                                                    13.8MB

                                                                    MD5

                                                                    0a8747a2ac9ac08ae9508f36c6d75692

                                                                    SHA1

                                                                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                    SHA256

                                                                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                    SHA512

                                                                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                  • C:\Users\Admin\AppData\Roaming\1000026000\916e1f362f.exe

                                                                    Filesize

                                                                    1.7MB

                                                                    MD5

                                                                    9f2ea8da04f80eb3da5aa70a8b0dec4f

                                                                    SHA1

                                                                    512b90952420f05ba4e9bbc373ca739e62a09d39

                                                                    SHA256

                                                                    f5117e607da6f40b945427386ad04ced62b3473351008eed049c3e9653222826

                                                                    SHA512

                                                                    c05467a56476014fe6a4866e74ab0a716bde6213ce2bcf6c0eddc9b4702e5dc83d797722f4fe2adfe5bff1eee1eaae435c89113ab53935fbacb9fc760795d497

                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

                                                                    Filesize

                                                                    25KB

                                                                    MD5

                                                                    8ddb70dc6d5db498e1ece314d9a24ee3

                                                                    SHA1

                                                                    c622e8c09cdd3d077aaf783370fceb15883ff5a8

                                                                    SHA256

                                                                    ac2129efdcbf0e74659ff8132dfda877e4ff94ae62728cf7eebb1bedd1f32286

                                                                    SHA512

                                                                    06c614118a464c16c3bd719d50d163c9abbb52584691825288411019bd69045ad3c48f4136502e29802789e95b87f49feea5448bd37fe16e63df8a598c9f6e69

                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

                                                                    Filesize

                                                                    8KB

                                                                    MD5

                                                                    0cb49553e94de10ebcbf192514a5d73a

                                                                    SHA1

                                                                    dc0edebe73a4fed891fe71d0a66742689b6de616

                                                                    SHA256

                                                                    8eaeaa895ad251d7ccca1457ff3de12f75ce1390ce1e3acb6536df2a48758609

                                                                    SHA512

                                                                    31e7f462eec253536a16c4f630e568dd9cfe8a8436ab544a7b261b1cd6de22cafa756bdaa99a91b52f2ed31cbc19f04ad12673df1db5c5f64be4fefb96c184f3

                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

                                                                    Filesize

                                                                    10KB

                                                                    MD5

                                                                    b5570ca77bff9757b07ead67b399de47

                                                                    SHA1

                                                                    e3876be377526c1c80faca30e94e6fc981cd977e

                                                                    SHA256

                                                                    6954ee9d532fc0a9036e36b2b690ace4cd4ee77a5e509bbb0d00dc04c61a9568

                                                                    SHA512

                                                                    0be72d588349c51eb2b22e860b655d3c771d3dea51c1a2475c56fbb9c312335e727d1b0757a022a75ee00d8c8a4a2e2d9c5f3ac16a70ea5edd767dbd9fd4d42f

                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    3c1c7e822d2b0f382e11394c571dd20a

                                                                    SHA1

                                                                    45fff5810562b41f8baac6416f8c6f20fa15bb8b

                                                                    SHA256

                                                                    88641e642d77b38323a514aa0b11e5a5afa76adcf2756db564ae361429110317

                                                                    SHA512

                                                                    3fa1f42791b7c2fccb201ff0192eca1953bff7d6526cf879c4a909e281bacc079fa46df6419f42904aafa327f0298f74dda69d20dc57023eb1b5cffadb532dc9

                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

                                                                    Filesize

                                                                    22KB

                                                                    MD5

                                                                    412cace1e5b1345afefa35c27a403e6c

                                                                    SHA1

                                                                    e2f59c7fbbe165f96298446fad991e1192e47f97

                                                                    SHA256

                                                                    a8e6508dfc215dd6363b95a97dfbfe0c82db105d188fb044d5cb0815aeafa76e

                                                                    SHA512

                                                                    5bacf3bcf41b6e8a14bd82b3970dc1d9236bd704a880820669035b4d6263c2529e33196329d3f15418618a5d37d40bdffdc16bc0ff12513dba1eb9a3eee24f04

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 14KB
  MD5: 8bf0c44c74426984d96a6dd356af6650
  SHA1: 71b61c8a679c77bb78a77958033028a532b9eb47
  SHA256: c3d7379ca467d3621a1093cfd9260d5a38449b2ae7801ce2caf7d3083f1a6ed8
  SHA512: 72b2520433c8273595c3ab28eb8e701cfdc580716e5427b23b5db18b8a78d3a8ccd692158dfaabaee6791614c9342eea3e24f4f521c7a1a0fb88da6dc1095c05

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 5KB
  MD5: 59102156f4441f2bf2419380e3cced50
  SHA1: 0b140c3696cf82d10f051b92fddc1a958974ba82
  SHA256: 5faaa044617104f3aab41c2967aa72bdd27f91465df9ab6eb07d0675dafc2aa8
  SHA512: 372eb90820a1289669d71b941e573a23bf0e550610fe4bf9fd14d120acdaed3bcc0ea53dda9e370b09fcd8be930ad3bc5a7109b445ec5de4a692b5d76a732b31

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 5KB
  MD5: f36847b277901dd44a43f203b7efa7fb
  SHA1: 6ec627950478d15ad53369f3dd1090faad7f9dbd
  SHA256: ebb7d34a32237e7a184fbcf08517126f328604f6334e52045005bf90693aac49
  SHA512: 8fadab6abc5c324464e38509cfb451d8ba3577835dc796d7e953b56f3a444514b1225a88d7207d4d693d8b0cab6275b0e90584c74687b5a69af9cbe75b0ad323

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\45cb7ee5-d0fe-4742-89dd-a3085f352fed
  Filesize: 982B
  MD5: 723c3585021b2e0c0ec00762e9f54eb6
  SHA1: af97d6d4d9f6a57dafa90d4d8a78760393c108d5
  SHA256: 507b8c9f969cecc1444432e216c7ce7702855ee5a78cac8628fb10116c10584f
  SHA512: ab8ab7149b6552839b5ad55720837c1a8eab4987eb4b236846528966babf2af431188f5513ef5e11a56c07d35594c9945cea6571b3f92a25777971e61cf0d447

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\a436edb2-1b87-4d27-9c9f-8c23aa950dd0
  Filesize: 26KB
  MD5: dfcf64c6b8af254666eeeeee6b89f724
  SHA1: a1e56264438af64afa0a3ebdc0b976eedeb6ecc5
  SHA256: 66694120d9be1c8857d58eca06287f4ecd67e204e6a9ea6e6f08b98a888fa004
  SHA512: 15cdccfb0359bda92b481fed2b6a069ebcfd61d67e80e2b8c6f63d26174d280b4bd4820f074356ecd0dabfa6d0f05b7ee5b73c6be1a91c00935a6df04aa01a96

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\fae59404-5a27-4e41-aa08-bbc7ffcd2b48
  Filesize: 671B
  MD5: 9ec87c57aa7c03e3bdbafafec8f0c4f6
  SHA1: bb8ba8f1a418d125fe508a6a5a2b18561a8d4317
  SHA256: 23b8a578f2b68f68fe8c2c930ad5e4612f920d7ae457d7c52af38bf2ffff6ede
  SHA512: 6164c930ab8601ae99e1f5ecebf0c4c4bfcd25dffa065e18716a9f2c67d2cc08f1f5fc4c0db0afc204d13b64fc48e5e7ba50655627d523aad80989a976e4f9c8

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
  Filesize: 1.1MB
  MD5: 842039753bf41fa5e11b3a1383061a87
  SHA1: 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
  SHA256: d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
  SHA512: d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
  Filesize: 116B
  MD5: 2a461e9eb87fd1955cea740a3444ee7a
  SHA1: b10755914c713f5a4677494dbe8a686ed458c3c5
  SHA256: 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
  SHA512: 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
  Filesize: 372B
  MD5: bf957ad58b55f64219ab3f793e374316
  SHA1: a11adc9d7f2c28e04d9b35e23b7616d0527118a1
  SHA256: bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
  SHA512: 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
  Filesize: 17.8MB
  MD5: daf7ef3acccab478aaa7d6dc1c60f865
  SHA1: f8246162b97ce4a945feced27b6ea114366ff2ad
  SHA256: bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
  SHA512: 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js
  Filesize: 13KB
  MD5: 050f2213a46550868bacf32fb38dd68b
  SHA1: 68096f69729937934eb7ef688b1f081d7422d350
  SHA256: cea55f9f2e1cdaec7a027669e7a98a1544e97503d21a5a2b0465face625fa2f8
  SHA512: 2f28e99bc9f4f15cae881ded50263fabdf01ec1ea55959ac31974e0cdd6652e767b17cf12e4a775cd9fb47b05e876215ccf5a13ed20abc8af31bf9ca6813fbdd

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js
  Filesize: 11KB
  MD5: 362b984be70e9c7a4e536f52e85a6367
  SHA1: 004efcc9f0215fd416937a2b52921f888ca1f76c
  SHA256: 35dd813a5e629a138b3e57e18cf63e317bca628e7bdc9243882ae16904d577cc
  SHA512: d9622f668dd32db5565ba8d78dc76350cf7e7a6cbed6a1ef0b36ed32d2bb95fb5e5c1d065263ddaf4b7ef8f128e7a52a9e36b2bd20e3e5c7f28fae56d616a6ad

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js
  Filesize: 11KB
  MD5: afcaa3af1e6d15b5122b0e1413e8f536
  SHA1: 529cd9184988fff2c7d0ed94710912f3b52624f0
  SHA256: bf5789bf9930683c85f8e8841818dc25f807f105dc4af1813d89ffcd267d6d95
  SHA512: d389c9e0cadfcbdde94ddc683ac92edbfdf7db1a84d10aaf4339d9be3319723398bd338e506992148711f1c230720014d3719de19a24fa780a6fb8a4c3a56004

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js
  Filesize: 11KB
  MD5: de6510b27d65c5176882730e57ccbbb8
  SHA1: 7b2fdea45db854f2de0ae6c98527db747a720992
  SHA256: 25304f7d11880e3afb1cefb7cf91d68491beb5574dddb4e7346b315ee6b7a638
  SHA512: 5e91108c342c99d89f7ba879e486fd6d4c4a6baaf65e0f9cc7bce7e99cda19d13e7889ec66cefeb4f64deabe2ea26bc26c437f730a5ea8589f11923b1ba774d5

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4
  Filesize: 1KB
  MD5: f9603e23de6fd26f059722bc0b0c55b5
  SHA1: e121b510e03aae336754702f2f13f1a6c61f3b63
  SHA256: 0b84dbafde8c546778c1ce121ce98bfd12f50425e97e201401a73a9790827674
  SHA512: d283bcc888aa980dc125ce4bf4f92ff09d30bb71c7b78bff38c008bddcf01d65627b86f36db7a479c8bb0ef3d0503d37feb7bdd133fe80d2196648f7bd7ad744

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4
  Filesize: 5KB
  MD5: 36c0c02bd9a14570213233f6d14c980e
  SHA1: 1d4d24d82b627afb6ea5cfee91faa3463ccdeedd
  SHA256: 12d9213ad6edafa37e49d6d4127cd8875dc55a961d143d9d1393ae9389770475
  SHA512: 04f99133e72a58780495e603e67ac8c90544a92b89573b4f12aa7ecaecb0052c971aa75f391163a807801f94308523fd5e9f3987b42ccbc1f73ca62a5dacc4f7

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize: 1.9MB
  MD5: c571bdf983c7b2d22d0b6f9438a4e2de
  SHA1: e254d12e16fc954aba39c912a177d41c15d39a75
  SHA256: 2e0146083395ae20292b3016eb022d53e496849d1ed57400a5ae71d63b92a850
  SHA512: 80f36c8d523099799687f5e53f965d7d9be19ff737fdc5f429d84ee3da42f8f6e8066cc9a031322730d18967bba74ac03b24f097434dfd5647c645af359be5db

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize: 1.1MB
  MD5: 8eb3b92c7a359a0eb92570b3289b91bf
  SHA1: aed3f0f95b94d088ada4bfc87d3b780d7c155969
  SHA256: c85148ccee433a69ec7d1a7f21b0936f6552ff2f41c2bf7e4b3df75efe4119df
  SHA512: 26ab65a4d0cf38e6b78c6022167cc717e9a3c1f4a071af7e6bc368c0b7c8bc00b63b8d3bd78a4aad8ebb9561e34f7c00fea18f8ea4dc7d847005bf3bec1eb067

• \??\pipe\crashpad_1772_WXPFEENOKTOIFFVI
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/1056-70-0x0000000000490000-0x0000000000B13000-memory.dmp
  Filesize: 6.5MB

• memory/1056-56-0x0000000000490000-0x0000000000B13000-memory.dmp
  Filesize: 6.5MB

• memory/1192-1478-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-16-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-1897-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-21-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-55-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-2936-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-19-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-3096-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-86-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-84-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-3028-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-2347-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-3040-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-20-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-778-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-3075-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-724-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-399-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-3051-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-1055-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-66-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1192-3050-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/1624-67-0x0000000002920000-0x0000000002956000-memory.dmp
  Filesize: 216KB

• memory/1624-96-0x00000000078E0000-0x0000000007E84000-memory.dmp
  Filesize: 5.6MB

• memory/1624-95-0x00000000067D0000-0x00000000067F2000-memory.dmp
  Filesize: 136KB

• memory/1624-71-0x00000000052B0000-0x00000000052D2000-memory.dmp
  Filesize: 136KB

• memory/1624-68-0x0000000005570000-0x0000000005B98000-memory.dmp
  Filesize: 6.2MB

• memory/1624-73-0x0000000005C10000-0x0000000005C76000-memory.dmp
  Filesize: 408KB

• memory/1624-72-0x0000000005BA0000-0x0000000005C06000-memory.dmp
  Filesize: 408KB

• memory/1624-94-0x00000000067B0000-0x00000000067CA000-memory.dmp
  Filesize: 104KB

• memory/1624-83-0x0000000005C80000-0x0000000005FD4000-memory.dmp
  Filesize: 3.3MB

• memory/1624-88-0x0000000006240000-0x000000000625E000-memory.dmp
  Filesize: 120KB

• memory/1624-89-0x0000000006270000-0x00000000062BC000-memory.dmp
  Filesize: 304KB

• memory/1624-93-0x0000000007200000-0x0000000007296000-memory.dmp
  Filesize: 600KB

• memory/1796-18-0x0000000000950000-0x0000000000E06000-memory.dmp
  Filesize: 4.7MB

• memory/1796-0-0x0000000000950000-0x0000000000E06000-memory.dmp
  Filesize: 4.7MB

• memory/1796-1-0x0000000077404000-0x0000000077406000-memory.dmp
  Filesize: 8KB

• memory/1796-2-0x0000000000951000-0x000000000097F000-memory.dmp
  Filesize: 184KB

• memory/1796-3-0x0000000000950000-0x0000000000E06000-memory.dmp
  Filesize: 4.7MB

• memory/1796-4-0x0000000000950000-0x0000000000E06000-memory.dmp
  Filesize: 4.7MB

• memory/2872-3063-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/2872-3062-0x0000000000530000-0x00000000009E6000-memory.dmp
  Filesize: 4.7MB

• memory/3084-65-0x0000000000A20000-0x00000000010A3000-memory.dmp
  Filesize: 6.5MB

• memory/3084-37-0x0000000000A20000-0x00000000010A3000-memory.dmp
  Filesize: 6.5MB

• memory/3084-47-0x0000000000A20000-0x00000000010A3000-memory.dmp
  Filesize: 6.5MB

• memory/3084-46-0x0000000000A21000-0x0000000000A35000-memory.dmp
  Filesize: 80KB

• memory/4364-92-0x0000000000530000-0x00000000009E6000-memory.dmp

                                                                    Filesize

                                                                    4.7MB

                                                                  • memory/4364-87-0x0000000000530000-0x00000000009E6000-memory.dmp

                                                                    Filesize

                                                                    4.7MB

                                                                  • memory/4868-2300-0x0000000000530000-0x00000000009E6000-memory.dmp

                                                                    Filesize

                                                                    4.7MB

                                                                  • memory/4868-2310-0x0000000000530000-0x00000000009E6000-memory.dmp

                                                                    Filesize

                                                                    4.7MB
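The dump names above encode the process ID, a sequence number and the start and end address of the dumped region, and the Filesize column is a rounded view of end minus start. The following script is an added check, not part of the sandbox report or its tooling: it parses each name, recomputes the region size from the address range, compares it with the listed Filesize, confirms the ranges are page-aligned, and groups identical ranges across PIDs. The Filesize rounding rule (whole KB below 1 MiB, one decimal MB above) is inferred from the listed values and is an assumption; the entries embedded in REPORT are copied from the list above.

```python
# Added example (not part of the sandbox report): sanity-check the memory-dump
# list. Names follow memory/<pid>-<seq>-<start>-<end>-memory.dmp and the
# report's "Filesize" is a rounded rendering of end - start.
import re
from collections import defaultdict

# The 18 entries copied from the report; the second column is the listed Filesize.
REPORT = """
memory/1624-89-0x0000000006270000-0x00000000062BC000-memory.dmp 304KB
memory/1624-93-0x0000000007200000-0x0000000007296000-memory.dmp 600KB
memory/1796-18-0x0000000000950000-0x0000000000E06000-memory.dmp 4.7MB
memory/1796-0-0x0000000000950000-0x0000000000E06000-memory.dmp 4.7MB
memory/1796-1-0x0000000077404000-0x0000000077406000-memory.dmp 8KB
memory/1796-2-0x0000000000951000-0x000000000097F000-memory.dmp 184KB
memory/1796-3-0x0000000000950000-0x0000000000E06000-memory.dmp 4.7MB
memory/1796-4-0x0000000000950000-0x0000000000E06000-memory.dmp 4.7MB
memory/2872-3063-0x0000000000530000-0x00000000009E6000-memory.dmp 4.7MB
memory/2872-3062-0x0000000000530000-0x00000000009E6000-memory.dmp 4.7MB
memory/3084-65-0x0000000000A20000-0x00000000010A3000-memory.dmp 6.5MB
memory/3084-37-0x0000000000A20000-0x00000000010A3000-memory.dmp 6.5MB
memory/3084-47-0x0000000000A20000-0x00000000010A3000-memory.dmp 6.5MB
memory/3084-46-0x0000000000A21000-0x0000000000A35000-memory.dmp 80KB
memory/4364-92-0x0000000000530000-0x00000000009E6000-memory.dmp 4.7MB
memory/4364-87-0x0000000000530000-0x00000000009E6000-memory.dmp 4.7MB
memory/4868-2300-0x0000000000530000-0x00000000009E6000-memory.dmp 4.7MB
memory/4868-2310-0x0000000000530000-0x00000000009E6000-memory.dmp 4.7MB
"""

PAGE = 0x1000  # x86/x64 page size; every range in the report is a page multiple

NAME_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def parse_dump_name(name):
    """Split a dump file name into pid, sequence number and address range."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": end - start,  # end is exclusive, so the sizes come out page-sized
        "page_aligned": start % PAGE == 0 and end % PAGE == 0,
    }


def human_size(nbytes):
    """Render a byte count the way the Filesize column does.

    The rule (whole KiB below 1 MiB, one decimal MiB above) is an assumption
    inferred from the listed values; the sandbox does not document it.
    """
    if nbytes < 1024 * 1024:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def check_report(text):
    """Parse every '<name> <Filesize>' line and flag entries whose size disagrees."""
    entries = []
    for line in text.strip().splitlines():
        name, reported = line.split()
        entry = parse_dump_name(name)
        entry["reported"] = reported
        entry["matches"] = human_size(entry["size"]) == reported
        entries.append(entry)
    return entries


def group_by_range(entries):
    """Map each (start, end) range to the sorted list of PIDs it was dumped from."""
    groups = defaultdict(set)
    for entry in entries:
        groups[(entry["start"], entry["end"])].add(entry["pid"])
    return {rng: sorted(pids) for rng, pids in groups.items()}


if __name__ == "__main__":
    entries = check_report(REPORT)
    for e in entries:
        flag = "" if e["matches"] else "  <-- size mismatch"
        print(f"pid {e['pid']:<5} seq {e['seq']:<5} {e['start']:#011x}-{e['end']:#011x} "
              f"{e['size']:>8} bytes ({human_size(e['size'])}){flag}")
    for (start, end), pids in group_by_range(entries).items():
        if len(pids) > 1:
            print(f"range {start:#x}-{end:#x} dumped from PIDs {pids}")
```

Run against the list above, every Filesize agrees with the address range and every range is page-aligned. The grouping also shows that the 0x530000-0x9E6000 range (0x4B6000 bytes, 4.7MB) was dumped from three different PIDs (2872, 4364 and 4868), and that PID 1796 holds a range of exactly the same size at 0x950000. Identical sizes at different bases are consistent with the same image being mapped in each process, but the dump list alone does not prove that; confirm it by comparing the dumps themselves.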