stormkitty | hxxps://www[.]upload[.]ee/download/17117655/59e9db9c78011f6f0bf6/Doom_Remastered_v1[.]0[.]zip

Analysis

max time kernel
844s
max time network
857s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16-09-2024 18:01

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.upload.ee/download/17117655/59e9db9c78011f6f0bf6/Doom_Remastered_v1.0.zip

Score

10^/10

stormkitty xworm credential_access discovery execution persistence ransomware rat stealer trojan

Malware Config

Extracted

Family

xworm

george-reactions.gl.at.ply.gg:49394

Attributes

Install_directory
%ProgramData%
install_file
RealtekAudioDriver.exe

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
behavioral1/memory/4836-2053-0x000000001C030000-0x000000001C03E000-memory.dmp	disable_win_def

Detect Xworm Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4836-266-0x00000000005B0000-0x00000000005FA000-memory.dmp	family_xworm
C:\ProgramData\RealtekAudioDriver.exe	family_xworm

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4836-1923-0x000000001C970000-0x000000001CA90000-memory.dmp	family_stormkitty

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid process

4388 powershell.exe
1368 powershell.exe
3936 powershell.exe
3840 powershell.exe

pid	process
4388	powershell.exe
1368	powershell.exe
3936	powershell.exe
3840	powershell.exe

Drops startup file 2 IoCs

Processes:

Doom Remastered.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealtekAudioDriver.lnk	Doom Remastered.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealtekAudioDriver.lnk	Doom Remastered.exe

Executes dropped EXE 13 IoCs

Processes:

RealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exeRealtekAudioDriver.exe

pid	process
2828	RealtekAudioDriver.exe
3848	RealtekAudioDriver.exe
3780	RealtekAudioDriver.exe
3392	RealtekAudioDriver.exe
4944	RealtekAudioDriver.exe
1088	RealtekAudioDriver.exe
3816	RealtekAudioDriver.exe
5820	RealtekAudioDriver.exe
1368	RealtekAudioDriver.exe
5680	RealtekAudioDriver.exe
480	RealtekAudioDriver.exe
5152	RealtekAudioDriver.exe
5748	RealtekAudioDriver.exe

Loads dropped DLL 1 IoCs

Processes:

Doom Remastered.exe

pid process

4836 Doom Remastered.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Doom Remastered.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\Run\RealtekAudioDriver = "C:\\ProgramData\\RealtekAudioDriver.exe"	Doom Remastered.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

14 ip-api.com

flow	ioc
14	ip-api.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

Doom Remastered.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp"	Doom Remastered.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709833474792850"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 49 IoCs

Processes:

firefox.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000097f514f2eee4da0172a9b9d0f2e4da0172a9b9d0f2e4da0114000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "4"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Pictures"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	firefox.exe

NTFS ADS 2 IoCs

Processes:

chrome.exefirefox.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Doom_Remastered_v1.0.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Desktop\6075d85297be8fc54e0a50bde2c2581c.jpg:Zone.Identifier	firefox.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exe

pid process

1452 schtasks.exe

pid	process
1452	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exepowershell.exepowershell.exepowershell.exepowershell.exeDoom Remastered.exe

pid	process
4144	chrome.exe
4144	chrome.exe
4388	powershell.exe
4388	powershell.exe
1368	powershell.exe
1368	powershell.exe
3936	powershell.exe
3936	powershell.exe
3840	powershell.exe
3840	powershell.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe
4836	Doom Remastered.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Doom Remastered.exe

pid process

4836 Doom Remastered.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exemsedge.exe

pid	process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exefirefox.exemsedge.exe

pid	process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

Doom Remastered.exefirefox.exe

pid	process
4836	Doom Remastered.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4144 wrote to memory of 1656	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 1656	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 3356	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 2864	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 2864	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe
PID 4144 wrote to memory of 964	4144	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.upload.ee/download/17117655/59e9db9c78011f6f0bf6/Doom_Remastered_v1.0.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7fffa09dcc40,0x7fffa09dcc4c,0x7fffa09dcc58
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4532,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4700,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5396,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5548,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4704,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4812,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4992,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4796,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5792,i,7504473468345641794,8836183242057331813,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2676

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5004

C:\Users\Admin\Downloads\Doom_Remastered_v1.0\Doom Remastered.exe
"C:\Users\Admin\Downloads\Doom_Remastered_v1.0\Doom Remastered.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4836
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Doom_Remastered_v1.0\Doom Remastered.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Doom Remastered.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\RealtekAudioDriver.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'RealtekAudioDriver.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RealtekAudioDriver" /tr "C:\ProgramData\RealtekAudioDriver.exe"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff86863cb8,0x7fff86863cc8,0x7fff86863cd8
    3⤵
    PID:3696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:5160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
    3⤵
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
    3⤵
    PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:5700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
    3⤵
    PID:5952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
    3⤵
    PID:5964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7898803188492687327,18142711092959815578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4776 /prefetch:2
    3⤵
    PID:2192
- C:\Windows\SYSTEM32\CMD.EXE
  "CMD.EXE"
  2⤵
  PID:3472

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:2828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3276
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d92fda6c-25cb-4f47-b00e-2742faba57bd} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" gpu
    3⤵
    PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23636 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {715012be-ac6b-4d9a-8c42-7ac9dd205287} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" socket
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2988 -prefsLen 23777 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73106340-688a-47a4-b330-d61e267ec063} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:3120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 2 -isForBrowser -prefsHandle 2820 -prefMapHandle 3084 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa8cf476-82b9-44a1-be89-8e34052f2507} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:2300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4604 -prefMapHandle 4704 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aa55027-01a5-4163-9ec9-888d1848cef8} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" utility
    3⤵
    - Checks processor information in registry
    PID:4972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 3 -isForBrowser -prefsHandle 5184 -prefMapHandle 5208 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dd956e4-43bd-42f8-9f9e-4082d3ba9750} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:3276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5520 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19b37f67-bebb-4834-a1e7-40a8fc6081d7} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:1128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 5 -isForBrowser -prefsHandle 5824 -prefMapHandle 5820 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beeedd17-5248-4cde-861a-a1a918cb08c6} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:3940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6232 -childID 6 -isForBrowser -prefsHandle 6224 -prefMapHandle 6220 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22015ffe-60be-49bf-9093-c8cbe05d5bf8} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6536 -childID 7 -isForBrowser -prefsHandle 5052 -prefMapHandle 3396 -prefsLen 27776 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4263fbb8-31ae-46eb-a856-b1e20937223b} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 8 -isForBrowser -prefsHandle 6692 -prefMapHandle 6640 -prefsLen 27776 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9686dfb-e58e-4efd-ab4c-6e821058e1aa} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6736 -childID 9 -isForBrowser -prefsHandle 4392 -prefMapHandle 6904 -prefsLen 27855 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa893e4d-52a8-4143-8853-a936c3fc1e19} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" tab
    3⤵
    PID:4320

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:3848

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:3780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
1⤵
PID:1148

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:3392

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:4944

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:1088

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5380

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:5820

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4108

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:5680

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:480

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:5152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
1⤵
PID:6136

C:\ProgramData\RealtekAudioDriver.exe
C:\ProgramData\RealtekAudioDriver.exe
1⤵
- Executes dropped EXE
PID:5748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\RealtekAudioDriver.exe

Filesize
273KB

MD5
b70330182cf0fb293e48c5ba89068e7f

SHA1
3c504b1943c7d3c0967ff6bdf4dba1eae9a85f1e

SHA256
7efeac4cf3fb6c50b3bd38c51e7c469ac395c20617b68ff63ff4ac1097006898

SHA512
516d403a2a8e506044600134ea3be1ae75f76035b200455a663b6bdd5f8900af4d95784af78459f964b8d1434f20bd4c4c8836be9eacba3068f75a6c6d945a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
68dea4821371883bc62bcf1ca0f51970

SHA1
2e9c76c0c4bfa19cc641c089faebf57fdfed2cbd

SHA256
83fb55e4910724f1a4216778bb1bb9f1605adb1d6d9fce06e8e1aa709bd21c14

SHA512
7a13da1e0ac8604d13bb8303f870cc06f9ccfd004e4dc1f472a970aae2a9fbd071553e42399e14609ad95708b8ac5302ca1a2b22d216d01e1f04927146ef7e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5486c1e68715ea52c8bbf8faf11a0a53

SHA1
36b89f2eab1b1d5fa76e9010f25dd6e9c0e0693d

SHA256
7bc2e48b99901caa5296404784f06f38e87715c50c37cbba9df300cdc2da62e9

SHA512
bffc725f25442afc23f837ae5bbc1c91011dd705eac7f36e3af03eb637030a1bd2a818cce0e7d778f339258201516f68c6f0057610561a696025e69f49b6b476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
214bc5d4faad92d9984a02e6e5fb9bda

SHA1
f82c7438e5aa5e58379c67e12f78a3a2cb4256c2

SHA256
b34cc945821f2c7b338d8a66ecda7739c0e1a5b4ccb40293ff5272809a18fe1d

SHA512
7c6ac4b5ca801ddce71268fc6b837c99876ae375d81b541294959fafda3ad1a7462a7b320ad04a50ab618883607469925eec76daefd1bd0e9d9c164372c36456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
192KB

MD5
daa79b6185b1415d6d8f15a29a8b9985

SHA1
6e5aca5b1397857d5d1ffb34dd96da6b7b3610b8

SHA256
5393287ac048a4a4b962c28cf1d181d64b4818df374bebf71ca170fd6500395b

SHA512
ea1de7a98e7335b1e25e9f73adeb422a89608f4dbf71242680865b65756a12945616a101980dcaf638ab9d6c02d06175636594591dbddc30b021e3a60d91bfa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_icxwd.edonhisdhi.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
acf3b383f47fd51e7d465c5d43b5a780

SHA1
8f63ac563a6f2515a631ad00c92df89496199367

SHA256
86af9556593c2dc871a9984da51c883cc6e631ce94a066903df7ecac802f5f08

SHA512
9977ab228a3335f1e68298ffa848e2b95a45e61b9da46488b1088c5a62d1e7f89d1fdb9b163612dd060120020a46f0e60fd78a2f9ecff0c169cdb63ebe087356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
e1a8f38c4ca8d609fb76744a8e9af62d

SHA1
b1a8532e816c8173e1375ea92242be692d5eafae

SHA256
af1da2262c24b4bf9856edf85d4976467bc7916d6babc1393b95940a229d41fe

SHA512
31b701fe751f50f89b72b03f79ced94ed4562e7e8397f16a1780f82ad16355359d99cbbac3a501243e0d2da37384cc9460f9289ed20ad7390696e14f72494b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e95bf3cd92e5d1496b539fb42d1d76e

SHA1
cfe2e64c2776ad7d7d64d5fa3ab5b8f01f4096ca

SHA256
88806bdb8514e1ed1e9f55bfbad11796897be81a2939cc9aff5f7f0db03057e4

SHA512
61119202447b84342a7ddf8584b6073d20f21a9d12ea801ee0bed482e521a59f1ba2f3456ad602ca30d21559800765a513205115dbf8e269e0d431d76377eedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e50bd8338b311d01dec5f08830c3e1c3

SHA1
65ee896c4fa35d399bcca4e0eb81513cd8658c87

SHA256
7554e595960a1a6991a906825b4cc73e57e16cdf480eaaa1b98bc7b67799c6c1

SHA512
daf4e5f01615d4f57216250816257b1b0091d1087939821e364df9ef64b97101fd5f555ff7a4a0c912725d4224b0a9891091f9b9ce4f60f6c1142bc85679aae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d252cb3785677b1a7d197e18715ec79

SHA1
341a871a2a8a2c1d26fbb14df34a89ad12c050a1

SHA256
d9c04b2dcecc8621c300e40cf7042540c6b78a2bea08bf301a34e5f251a63589

SHA512
deb0215e3756b246192299422529a121819480690a350ab75ce7162af9a556364491cd68d70577a03152e6eaeabcfd0125773ab41cb124d70580c26afcde715c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b40e93a8e1d810e2a51cae16d13049dc

SHA1
10438be5ea467e45bb1227850ddd5e5b83873b4e

SHA256
426e3955182f3f19f40a01721762fb35377de20e3d42925e6a5f9a48af593084

SHA512
f259ca1ab9cdb11e969d1a1fb26474defcfc9ef079767f839ba8bff8927db53596d5175630c656924985bfca9729d49f14b53667752a809aa08fea0dfaf77961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
168148fbd0dcce0e95c8aa25b636260d

SHA1
fbedb9ad6e14b6113a8f50bd14e6bc8f3cfa9424

SHA256
5456ca4228dd28eb065aa05a9b6042411d06de244faaf4882c42c8ba958f5b12

SHA512
f493554532aea2c905015c848c680d0d3e6bdbacd5be4c13d93a17289b8bdc169a2a661fbb8446bdeb3e5a6cfceb9bf2bd9a26471a8dab6ae56eb0d97f762461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25353b72f96fee2f56272d13dba56723

SHA1
1ec248a22cf12452f4e2836069e2890763a1cbc9

SHA256
15865567f2b7ba11112042e116c284715d71be407eb05681c8b4241ae32bdb62

SHA512
1c550ffdfbefddcd2f339e80466b6ce34809bf2e491f8a42eff8a4ec25bb7cf9a1d6238ebfeafb24bc3108ab9d389c31399fb70bc7b2864a6935613d1a7f9a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0211a4e2bb0e80e55167de9a104be617

SHA1
fb8fd054b206002a1166c3a9e58908321ced1572

SHA256
f0907fa7f24b87f46555f828bd772b9f7842b359a46c2e8da0816df8bf695462

SHA512
164650e1ea08f2fc1d8cb99a1d7febb336519bbd093da560ec20d1b083c6e5eb10d9a4eced1cd6c3aa9e9f5daed004657abd6d4a7b32c360306ab39ac3e5ec8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ee512527be9224b0d3607cf3712c8581

SHA1
0c0e2a18ab1bfe75956590543aa83a2e6204f9d3

SHA256
1d674d913275d6bf0f42d2b08e36c30e952cc7571424285778dc6e084e1ab918

SHA512
6af23d5ab132b4ed820753d55f498b544acf92d24019320a575bce6795760d8e767b1899c9b292cb937746ebd966c2b4ae62367d6162aba1cba0f22947160c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
93d3f052468e426e9f26208335d07c43

SHA1
5e60955a59f44e9bf8d906287f1ea735dbe9a28e

SHA256
06c86f746bb5cd5374f10a5378d660bd2a7f13f6682457d786b4a25dbbc3aab7

SHA512
f6967c8ae61a4e89897e8bfcc182d537239590c967690092494b4207256f2280583a76b841005791401c521293f4e5ae2e14f7c3303220b3e58d0b800258603a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
204fe3da48f3f824b7fc3852127991ab

SHA1
6e8e6d518ee3e64afcdaaea03e5f2d3f7b406d6f

SHA256
d337c73a02d22819c7701bd1e348583df3ad657aa2f9e6e9d51a101e968f4b12

SHA512
c5c558e2429a0259bb8d5684bef00e6dd4e5b6502e05d36390ebbee5b7fac3ff48806f13663f0e214ae65bd08b774c034edbc9c33f3f584624853994fedda286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RealtekAudioDriver.exe.log

Filesize
654B

MD5
2cbbb74b7da1f720b48ed31085cbd5b8

SHA1
79caa9a3ea8abe1b9c4326c3633da64a5f724964

SHA256
e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

SHA512
ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fc5ef1e906e6825f5a6c4f43a55a434

SHA1
585866a855becbc7c03025ece735ef1bc6f952b7

SHA256
1a9a320420d77789a1b0f69cb345d83cfe51e8aa101d67c9dfcb17e2385772be

SHA512
6792abf8fa3338eb00f0e3e18102cc25122ac2baf11fd2da3e2f129dab1bc826e2b8d5c7c318e4b6a71d52eb59966b9f3f48c6d8d5690d5c4537337459a35398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c94f998f9ea82223c9fedf4b8c1ab2b1

SHA1
c78879828cfd5f5bebce182c69b4af608fd79243

SHA256
a227beb44f3191bdefe30a67746dca75b29d0a9abc5facd54dc4ba7f7fbe2fcc

SHA512
53b8cf4d0d7f7cf10c4615f708951e647337d047e098bee897ef66581e2b7ccd3a0af4f9f755a4b5444acb67db505ddd87e82edf5adc8c6caebd6e39be0d9704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88a6815a2da7855df5551fe2196ff4db

SHA1
9c5a40ec1e3b68768a5d5ea53b4684cd5973791e

SHA256
d0f6a668d14e16c991443cd8d7ddcc7507a7db2ed84b6282c2183818fe22753d

SHA512
72b3443293a84b1b71bbe3250262fdb7fae7729f00746d17f4f6ab9c81174b1684a3ac36d6f1f15d35b3ce5eb277d49396675f2b236b164b845fa0aedcd7c57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27f8bddc7c0c8cdf2551830230f3003f

SHA1
3f79629ec4cf993b9287f7192658a8cfcb1e028f

SHA256
5e5a5c039571236fee6afb47b1862d9faadb5010b656f626e7af34d76682ed9d

SHA512
5927c4dd4486056783b34c5816867713015d9810b4f29c28cd06b3c407b4538d58db2f4b59bd8431c69c68cdd69bae0815eb015d5d9e766b4fa02dadf81d6016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d30c8cce1a6fc7ebc294b79f0de38b4b

SHA1
d122354fd19283bf63f87f1bd7b0bbe90c1e8d5c

SHA256
0d1ac8407940bd89d4e04d1402205d28fb27d34f097f0cdc58f63e76fbcc6f93

SHA512
e1b267ead527b9e31c015e990335fada55246895e7ac198ae4111c52f6f960b2386cdf084f92e094b336f55a12bcf3b74d464c3aa92209bcb7619fe54d772c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ead9a3a6d2b4527689ce99f7dcc7b368

SHA1
408badde5b98d260e925bcc83d12e1db6a6e62d9

SHA256
38a06a1393f7bc0e42fabe4879ecfcb3398fc73bf44ea71b964dd84f70729e26

SHA512
00f6b769e56fc10ea2232017244b6dd26250461177f8f1f70215978c273011e288ee9bb94718735d38fead6c50339ab1b7077df4b59ad29ed8d174c8d8eacc9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d18a6cfd7662e2c60aab1ee15779f68f

SHA1
0c222fdea1e7a01152d19818a3debe58996831dc

SHA256
a8b3cb8180ac52886d71aaac7ca5171a3809c900c52ec32a6e82ecb925fd1643

SHA512
2bb990e09fae211a28d63704b3d0cba0ad3cb913a1b497be4b3e623b3df2ba387fc777a6f65cb6d7659d02b4f1881257a52487588d3486532885e840dccb4e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
d0a4a3b9a52b8fe3b019f6cd0ef3dad6

SHA1
fed70ce7834c3b97edbd078eccda1e5effa527cd

SHA256
21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31

SHA512
1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
781da0576417bf414dc558e5a315e2be

SHA1
215451c1e370be595f1c389f587efeaa93108b4c

SHA256
41a5aef8b0bbeea2766f40a7bba2c78322379f167c610f7055ccb69e7db030fe

SHA512
24e283aa30a2903ebe154dad49b26067a45e46fec57549ad080d3b9ec3f272044efaaed3822d067837f5521262192f466c47195ffe7f75f8c7c5dcf3159ea737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
80707036df540b6657f9d443b449e3c3

SHA1
b3e7d5d97274942164bf93c8c4b8a9b68713f46f

SHA256
6651e5f976619cef991deef61776cf43d4c4b3d7c551dd2192b647df71586ab0

SHA512
65e41e9e730fed4f7a7d3f6f35875a16948b897f87c8c70b371fd0ac7f0951814f6a75e7698665194bbc65a3665a684e7be229e7e24193b50483ae7e55eebf4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\activity-stream.discovery_stream.json

Filesize
32KB

MD5
6d91463a0685a8cf1b630e57dd53fe98

SHA1
1e8c0ea129a940dfed62aa8fd89b89742d4d9412

SHA256
eb5bdbaff3ce1cceae5f3231b10a8206c4ad15e082a668b0f943ee93bdc96d9f

SHA512
b58eefc68161c3c362a4df9b909316b602fa1959e7bf3628f3b4b581beee10b8349efe361139360dbd5926401c1da869b9a56297c8477acc167c108832f820d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\1CA4E19667785D0296B4014EBF8FA44CF676A92D

Filesize
221KB

MD5
325eecd4140091dccc99e6e2e5097777

SHA1
a7aeb5b924c58b338bd039183fec7b97fab9505a

SHA256
51853ad4062f1dceeb24517d203577133fcd6c57e002f98afd3a30afdd80b9a3

SHA512
33feb51c3596d0ca7ccd45b498fff82e37536624aed76bbbdb81ac6b39cb7139075e72645198776f9e083f313d895a481d6cba2b83e53c04063f28f50d490a67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\674B3CF1013ECE5DF2EBEE4F5C839BD224DDCB6E

Filesize
404KB

MD5
9cadeb278c65e4d7b66c501dbc6fcb6e

SHA1
1a12a6c9c22ae88ff7ff31fae84192657fbf35f1

SHA256
15866515d2764cc1e1a87adaab152d524d21702282c924a35d1f0d1f8ceae88b

SHA512
525cffb4acdd85697a11635d65817568cb47b866472bb79ceddd7ff0cbd104842a79fd19214ff2bf21dfd1746a5b447c0835ddd98fb7be980b9f9b498b26175f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\B181F239BA05ECBB8B40CF7462DB9B094D91D9F9

Filesize
16KB

MD5
2fcdc309eae98fc173ee1be4a6a05942

SHA1
96a888751ad8e82729a1d44cb4527257228c6e37

SHA256
e4d7812527f2a528476fe857049a4ebce397a439e9fa6085bcff60098153dcf1

SHA512
9a384f4e9dd57b69597c536bfc35915ecea25a3c332558b78dee35d55d6ff4bea74d6d01b28f0c07542ba55c1d01fad94990b870ea659f367c06d0da75edd60f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\jumpListCache\82PaEDwG58S0wpDQ01ZvCUWXlkiYpW7figa+sd53KoI=.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gn544uq2.cgi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp2656.tmp

Filesize
100KB

MD5
1b942faa8e8b1008a8c3c1004ba57349

SHA1
cd99977f6c1819b12b33240b784ca816dfe2cb91

SHA256
555ccb7ecd9ae52a75135fdd81ab443a49d5785b0621ed6468d28c4234e46ccc

SHA512
5aee3d59478d41ddd5885c99b394c9c4983064e2b3528db1a3f7fc289662bced4f57d072517bbe7573c6d1789435e987ef1aa9cc91f372bcfd30bc016675fa43

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0EN0LE36D00WI3TEO67.temp

Filesize
23KB

MD5
361cb4dd7627edfd04f84c3cc26b96e3

SHA1
94b1de375a8c617f101370f46ba662032ffe0ffd

SHA256
0e565ee4b6e7fbcb2431a512f8b61b5dc619087a65419941fe61c61e35671ee9

SHA512
f17aa534920cc87266327035e6b654488bec77001225a6c568fd9fe7f3ec75bcd6a24cbe1c125b37df3c5fb29ba9ee780158e853797992e553c6d7110458bc61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealtekAudioDriver.lnk

Filesize
727B

MD5
00102b607253df629ea47a7993a278fb

SHA1
a03b9ec498e75fc0190f0de27e6ca7296d166341

SHA256
ed815480b5b0250e604208505577110f31e4dbe27668e66f32194b83bacfd830

SHA512
5733c3ddf75697509fe20181771f0d655071716de554666e59e2bfadb78749c1bf67f6722d36c714ed3bab00be799e07e62bc26bb8c433b7c0294c78778a3da9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
21KB

MD5
bd184483d0cd9ccb5aa49370225218fa

SHA1
2763480e9a5c92733b0f9a66a2e9c13918f241cd

SHA256
561d0abc92b9a92a7020251735ac53fee6f26cd7e95d674370bf98bb03e14a79

SHA512
43ecfb64825823f33b41cf32c56efebf8cd277fbc06d4614a66d889bfce29f068a200ab25a1914d171f57721cc653064b7c539fba37a3bc7bcdb79e7b9340c38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
8KB

MD5
810cca8ccfa5300ae6974be1cecb012d

SHA1
765af85ab5b543831dc10211cc72ae96df1cca12

SHA256
aa7f6d44cae96f34c815a95f4f80f57427349ed49b37f6698a9aae6ac16cc490

SHA512
8bd66f997e493f56e055ff98de77d1ecbf9d80c1960aa35354916346d333c71dc2a9d43547b270316cbcaf636c13869a65f51b3c0cfd351f527f252a48100872

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
20KB

MD5
cd2ea1b00745e88982db35f1a65b5002

SHA1
14a613ee5a9c9e13094053807c554db1257494cb

SHA256
151749442d167ecfc93f74af67fd379a14676f03468541ee669d8484b7fdbaca

SHA512
e5fc9110841365f8c7b4f2309b5d6a680314ff228ef2c0b03142320f70b70142b9db902e26ea2047502f01c0e53ed4c54c6d8c2ad233f5217836c9fd67fed54a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\cookies.sqlite

Filesize
512KB

MD5
aa3edfeb7a34f8d9823aea354afb7edd

SHA1
939439607df2165df371487061593c3e12d77d69

SHA256
abb605b37c004fcf009ab5553cc9ee10b43970f6bedcc16fbbcbe0e0c2ddefc3

SHA512
193775ea57754674e9c9f2c7cbea334acbf5763e10a36290d89325ff213af3e7a2769a7e66961ad405e462d1c6c012276cf53570f55a2ee24c0cd0238fed6fd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d7fe8abd699212de1ba19cb0923c1be1

SHA1
ce8d4ab229a05cbc227324fea8dfaeef523d183e

SHA256
a0e422fb71a985545135afaf3a5afaf9bf6a34162830b015a55cf9c5bb1353ac

SHA512
43d3847f0f4003dc4b030d5185cd6df7c275d40f5e8486c3e20c1160242d10e28df06fb9dd7b9b81b87d9589c3de873c8f2deaeeee32a0e8d051dc1071ede535

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
51KB

MD5
dc866bd77f12dd95c50c40be56b80118

SHA1
a597f5416946bfe951c274fc36e0be831b481841

SHA256
4a894fac146135617f6d15737fe4b7790a79c159fb93d5aa62db05afbb0b563c

SHA512
437a518d6a63dd311703ee46672ffec4e2d0ac8afab0db132ede1573911f1ef6c0af91cf70b11e425119ec2f8c0ab467f02ef9fb3a0e79595fefb4e12b83ab5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
97KB

MD5
620935aa92fbbd36fbb3593da209bacb

SHA1
a568da7b5a5b467312a552502875f9302f05acd6

SHA256
c0f29be46518d3809955267f28e01bb8bc89ac5d29911d3d0403b939abf05a21

SHA512
29f75d7b64b82107a06edac956a5c69e31ca7325e6863cc55d7e1278d3e8ff7c1a0efcca404adbc3513189e091c50bec5933f7172aa1b7365e856794355cca0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
71740863eb230498d302a8bef4055f25

SHA1
d715313d9716d4ce853879853b7ed28f40093b7d

SHA256
5928e565eec0fe48343611440dc288a5d834af274a00b80a00ae22d415550ab5

SHA512
cb4032544300bb5ca60752fe22569d36153fdcee5a951836ef446857855464f88695f47c11dd441b250cfea07b6804578d1d8e8819878b06d3c57250185875bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
971cc293f0a0febe1e410928ac6dc874

SHA1
2d442eb29e70679ce0c6ea7879bf79cb1bb93473

SHA256
d50761f10b8e8e10b8a12b02629adb66d367f00523bcb26a602aacadc38f72f3

SHA512
c9f6b9365a8d598a3968c837b0eb09cc1b0c33150de58ec0ff53c506782937afc958759663e15dfe28e4874900a4d32645c3604b1cded77db89b9537f2d56c2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\05ebe52e-f82f-45bd-b742-735779fcd607

Filesize
671B

MD5
302f4a0f4e6d147c848f7e88c90fa277

SHA1
bf97eeb6ea5505f4c7437b3141976e4fe793df83

SHA256
8807f6cbbc057874e922121011e1c733e3d1c3decead2353ad5d9135e98646fa

SHA512
b8071d17a1b527a863cd9a1a692f347cc1a5ea8655266858bf129533c5bbfcdf9244235c5a7fd78dcdfb5e8f69b1080f3b28cb386094c6b0ce6ce7b73bf4c649

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\a52de78e-51b0-4794-83e5-c9eadf1592a0

Filesize
982B

MD5
6fc306dc78892164fb88f622c3d20c3c

SHA1
70b0fcfe9234cbe74dcbc11b70a8fb04de6a22a6

SHA256
c56c4be2b29c09fd5e25d6a0ff9d8753ec58e8cf737ae88d645c901acc48a94e

SHA512
7913cc390ccf7c35bfba1f329cb41aad053b8e82f59403ec62b3c37855d6044894a3d26986355676964414c671ebb1932326b71616821826e159772d10cf4f22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\fa0dd8b6-1765-4097-82cb-8bd3d2239771

Filesize
27KB

MD5
7896894dc68a8568418f764651fd4f06

SHA1
bf219e6ae6023a5a009840e27e05fcff5baa9fa2

SHA256
6c9f793e0e329d72b2480252f645e232138d71b8562d6a30bf6426416eaec851

SHA512
6ff5d78796f90bbef3f8829f5f1325564e0ba50972b62f7e3335c55e5166838077f07aa52c4df2d73d75777d6e5950075bc65cca59638ef9b0a211aead8a87e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\places.sqlite

Filesize
5.0MB

MD5
ccb331fae318db7dc2c0d1ad73e1cd03

SHA1
7bba66d16b50b1ba275168358f39db27fab29354

SHA256
54926001668695d6482ef2821ef954aebfd78e7a4200f797cfd01587668b458f

SHA512
c40598e27928418dd79dc5c416337c830e6856748785057da8c79c84c87fe9061e9bdf79da24a9dad8395be46503ee86aba79a99fae9ac18a6b8d90bbc012630

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
11KB

MD5
4b163c044cb550423920a263e19ed08c

SHA1
36ad48ecb9ae8e6a59f7ecfca8691f63a7c76220

SHA256
0c7b75904b7efa22c4b78f05943d7ffabb8ee3ea2270ebc1f70550e3950bd2ef

SHA512
7a6e4d7a28ffff0bd070fdee8da151f7593b7669b0177714b1a2f683edfc150e22471e51fde063f30a49ee4de7942675b6b0472a21a17aedb88d475d49817a3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
12KB

MD5
087da1623f86e7f527c0ad73f4af6e6a

SHA1
d6fc80313f39c061388f17ac0c2ef07885018374

SHA256
a86fa37c6ae983a558a0e27efbf4eb7dc158d0b7f96fd7e1baa8e8e9efa41d4f

SHA512
84410857705cc4a37c053c5cbcd7e38b3e042c9e9f8de22d324b08d1848af361eb6ad7cdb0960f3773cbad2498b8620fbeaac1a702d7a9c077704f3db128db8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs.js

Filesize
12KB

MD5
f46f638d19d32c35d43725c277a7c691

SHA1
13995a2767a55de226e97ac4bf1b7fc12e4c86ee

SHA256
2517f801b9a84efc11e9670bd04204fef7895a27860a68928a9a761df5c3f476

SHA512
7981979cb6a946c45bd6163885c5246f9fad7bf8f5521200ba5b82840b92d3b1fa3f0d004cf2a7ea8bb9a6f14fbc45072fd2a42bcda873a5014908fd13b8361a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs.js

Filesize
10KB

MD5
b167634cf32bd80330e145ab7d38c91a

SHA1
f943a99d569ccf906677e1af0bfbf8a7b7fa2172

SHA256
7e310bbdec232e622461aa5a274e1d3a9706829a0e87e9c18e773f8ecb1b1dc0

SHA512
78cd509cafe5505c4010f0cd4ce96245926851afc53512bfa4b9d3586f4b18c9b83118fc4d5fa3fa625f19b5e9412f828488bb422443728593f889dededb15d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
84a4e4f2c6eecd59794e92aec0ec049e

SHA1
d315add5b90743ba804ea2f8d08c08d0a78d8c49

SHA256
27d419b186f8ba82f4dccdba16691cf9d3ea4017aa6b74dd3cf1ec70bd3ebadf

SHA512
673cb2b67d3770b43bf6bb96eabfa7e369488693124daebb1d4ba2f5c6bbc85bd807c038c1cabadc88b76f57f2d24927998494bb53f124e82e470b3dfc9ae517

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
7760bdf6f9a9537c2284ef4dad8b76ee

SHA1
f0093e9c6f905f9342fd1d7a94968fb2fe49bf5e

SHA256
4b70077a2885ac867646321a0348b6a049739321a3331ad04fc3a46f45802b13

SHA512
96359d07d13a9320869466fc305af726a19c1bd4854b4c4facbd4a6f3911e5146369647618c2f80ab7073f683f444952366ed27c07a7647646deeedb4557f107

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
92KB

MD5
7b4b92468892a2df0ad8a0612504452f

SHA1
143a1b202d72ca4b39735da9a3fa3f497dd9c00e

SHA256
d5c46045094e47703745e92229dfe1f6b64baf1c307d0454b0d95e8b1dfa57b6

SHA512
5adff70a0ae1e9db19069d43d088625bdf5ece1d7c107db31ff0d577444332279104908add18a35a2dcae48274f9ecd0c541c8c82a157112f1b1f526744f81d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
ada1484e175e11d2fc164c5d0ed6807a

SHA1
a898c5999d26f46113c5f12dea1638e40d8330fa

SHA256
73f756a06c3d7bf68d94c9ef00f09be2a0d96b65a80d17e47323647ab29cc176

SHA512
2f838ef6a2861843bb82ab5a82aa1d6efc40bb1da286edd82dd044c5a174ead1fb00ead4c06c0a63bb1498bafa2025b8bb3990a8e13ccaa23f0fb79216876e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
34d3cc2817baca025db6a86f28c3c0f1

SHA1
2a66ac396870c7010eeb6c9e9662279cc1112e5e

SHA256
868e5aec405ddefb33135460cdbe9d60f83275d998ee4b4a7ecd62ec4546fae2

SHA512
67dc5d3f64b7fdeb7da1bacd7b9b26e010db8d16f5d469ef90dc2db0de64f44344657cdbbe4f0333fafb41c7a6c3ac9ede0b1c47705bc349ee89cdb3b2b18fc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
79KB

MD5
315fa0d859ec00536998fd83bf6eb26f

SHA1
66092fb8d5d8b35cd031127190eb59f1d5d97987

SHA256
0a2fbcf0f3caa804bc0fe51b96a13f5bf84978174388726036327594312e911b

SHA512
9a91082b70657280cc83c0ad1bab82ce5b51f5b6a43cfbe85bdff7595a1bc02a90bba0482160ebf9b8199c6054fd34cb900e0ecb0fae510533b001b96ffbf8d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
02253fa9225cf3cc3a22ab3e20d19dbc

SHA1
2810441424620c495dd26f1cff02c0eb02d41f4b

SHA256
ae7b7e0a66ded228febbf48f2e534c01ec7a9224d62ae2f2d4d74a4bdd4d1bb5

SHA512
9678d9ca1f394856afcb176f79817312bcb6a7861e8e524d0b39f2f0b60885745d48ccbc9c4c0c3fef36e774bceef7a40e13a5adcb5cc846da6a2ebf09ba9b98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
6313a8f1a9cac2197c0b698940090174

SHA1
7067c6ad590b38dce576a81c4b084ffcf194d904

SHA256
e38bcf44abbcf071175d1b57170ba34aec1ddf092b8725ea9017ff7094571071

SHA512
a106fb88c4e5071825d2233948bb5313afce4e74e2cb609153a5d71fc4919bf597e376fb1be2bd1cfe5b532e4ec3aa68f0a476209b4a37b753c1419b22769402

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
5270963925bb09e5812466b13acfd703

SHA1
a44f4981c5386d6bfb90c731fca4734656daef69

SHA256
c1197174588ff76951dea554307087727d51c04069a7b2617bc84edc59875d03

SHA512
6c57435a3db54c186df502a4db523b4a52d090dc20f2039d57f9c530bad50cdbe68bf0c587c8d294a1ce9c8a3d974cd4560540c115f0c8500b78655ab9125aa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
0c703ff813d4eba7e5f3ac4d002f196b

SHA1
460be0b289d7625afdbb07239214001250c47021

SHA256
517f30862b8f015b853c79b2f6bb956afc5d65087496e015705b6dc6c10421f1

SHA512
b20a3f7b85532533e39ecbe101fd7f5fff1110e85a50e283a13aac90c9e59f81b4a33921eb70db52fdb2e52f8e39e793883cef615bfa2cb61e03f2835db37834

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
110KB

MD5
3727670eb0f2c9358643111eeb8bed3c

SHA1
b91ff10eac4f34bc0741b2064f2d01452da0f0cf

SHA256
58b780d9ebca64d5c8cb164d6095423ea86dfc23b363e72acc116f871e874d2d

SHA512
d480922c559ec58099641710cb037a00beb2ba0f1b9d4bb2578fe7292d46bdc2e383114357fbbd5af31ae271d4624fa2b52f432a859d6ea5c717363d2292128a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
e0c7f12f9a8e2a4346b94ebcf683f930

SHA1
3647a5060617b3576d8f7e3b54b5d37ca74bd6ad

SHA256
d203b857fcf9421baa0f0f90b42da987c20955d2359c61b75538ea3362b5d338

SHA512
8f7a458493e6b48351b4c57c6de296739ec8bd73e307e4b83d35c28ce8b974179262d358cbd935a72c816f052dc89461bc9f94b8a32439e8fec40b5397e99631

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
d12a67e4e5c9efc299008f8529f203eb

SHA1
ab35ed446cbcf1b8cb1c623c36c65a5ba2b66b88

SHA256
45d40071da7301a6ee600009fb6bd0e1cb6a796ac50697a2d03664a049c9fe14

SHA512
f104c7fc4763b7adbd7db7b9fd8d0307e429e979ad3572b2a4d2795cf843318a6cb4b345009e06323d37f31120d99cc5e5970fb0225427763806fe0acea0cd80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
8fea606662d22ebaf33bf86ac4b593eb

SHA1
25eae441f909b2f460853ef498534f5afdfb2b5a

SHA256
8ee3acf297e2e6c42c2268f1bdb982adcafccbf6bfbf04bd687672d901067eb4

SHA512
3d558e5f744e7a24d6ae1eac51ae41b047da5e567aa546a597bb02e92442ede5b595ba66ec9615370ca19850c64a9718d0c056731dbb83a57adbb50f30cf1499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
4a66d7cc58c0de75209248726b3d9f07

SHA1
d0ec84509dde1e14100aa3e50225f3a807393fc5

SHA256
764ae1c6a11f1e069982f3e12a62e2c436bce1d9bcf79ff72cc041c1692a67f0

SHA512
c15942fc195b206cd81e069f857637ad30a51f9a566ad8d5590c1269a3449066389735476be01deeb5d797d4e08e5dec150c53c0c4b45c9bdd95fccadb49025d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
eeb7fc9303213876c2a2b4879ac12a25

SHA1
c6f30d0d2fb5606a482cc38a2269f1a0be67e4e1

SHA256
969bcba29650b97ad85efe17baebf96d6f930d07ed9b095965856214f64edd59

SHA512
1e8df36bbe5f8060c9e6433f313e76406812177d319e2da378c9e848b4d207eb01f87ebd4cf7eb1d0b1176f70af64e8582b0a308512d64e78524491edf3964a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
5a9a4edd93f13a5dd4fa36f0cf48622c

SHA1
598b2ae4806a972e177717e5e42f07ce02076f73

SHA256
6ac4a8377a9b83dea67cb170f86e91ee9dfb738b116f93b456d4441a316b1f58

SHA512
c7672bee011d4d2586c128495a4130496a089d9bca240088015865d8f66ad19b6f7958ae8320b893bdc732067aa3359a83fa4fdbb940fae34c272765794bc9a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
5523b81c21b5dff87e53763b9103eca2

SHA1
1efe33bf0a8a9d59d9c7e0c235e648cfcc16200e

SHA256
f0cf2c1126c89b0ca804c08c4d5707f3375ef4f7ac6829d89c6cae197e208fd0

SHA512
8e1234b7fb38c1e976499cc8debadef1ae7d43fc769a5525212fe3a0715977d14976beb0e24e9d60fdb860649405ac321c30e717629a2e7858d04b642ac82080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
c29a470e8b365bd3726b119cd74516be

SHA1
a6d4d63c42acceeb4ba4b26112f24587b0914736

SHA256
a8576c61d0a5e10a60aece00e809b863c842710bfe17be47922b6177ebad94a1

SHA512
78da930f2233ce44c7727b02404be9d01e829afdbb79ce6767b56faae1396c396c89d926a5ab52b7be92c03f8926c1fbeb9c76e28b225b6731d5eea196da855e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
86a8c8f40871bb5cb40b29d9790d87b1

SHA1
dfd40f8e1b37210b32f32d2065863709ca4dc9f3

SHA256
aba338bdfe52ec118c848660b49ac1604704778f139bef1a0fcca4e7222f16a3

SHA512
0262fb82525f644a0dc5427db5ab348947c74254293765f231d42e434e12db441786c931cf779ffbcc95be6476d45f89f0388f3e39b53bac60959c65909dd906

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
192KB

MD5
07d9c74c5391aff0cf650811f8ed150e

SHA1
f32765c114b87b1fbe5865ce0a90829c42e08ee0

SHA256
298a41685bb7607b9de57eb5fb01a776d07f8f4a5e32cd9b38478e3431a9c481

SHA512
455b641fa32e09ded74a8a644e4860339947d5d45b41b835a6164005a75f4afe79565e96e49d49b5a1b0de1cc0b51d4c07b04120bafe3cb9459c820562380d98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\storage\default\https+++www.pinterest.com\ls\usage

Filesize
12B

MD5
a87e3627b77a3dab75f88d5cb3d3e4ba

SHA1
5d661a6ecb1a250df68fd2265734462d1d335012

SHA256
5bda9e8a4bb312c3a42b3be0e6bf6590d474e757ba120a44e534cef7619029c9

SHA512
a0d4136bc3aa9ac240ffbc7c0c7386500ad4619a4e9f33d62287578c55c596f470b36ab3d44d43bb3ca1b46954ebe28a0e5294c5a9c0dddb6840a0defe7f4197

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\storage\default\https+++www.recaptcha.net^partitionKey=%28https%2Cpinterest.com%29\ls\usage

Filesize
12B

MD5
4c428e195a2fad0b912480f1aaa48bf3

SHA1
52a8ec75e9ebe26a80438cfa5b234ccd96f24621

SHA256
330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d

SHA512
795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
20d534a264f4879b78f42b1b0837c5f2

SHA1
c1abbdaf1fa6d4308fa547dfc00089fad2c1ea1d

SHA256
b8508e5a3c27f78e5a0b3c59629faccac390c7bcafc5f29a6dc875cef0d2f970

SHA512
201f1e80b5b4002c2d52d1d50b13e537ec743bad2c083cd033705742d3fe3e174c43e3004609c045ebd7c71d321656b864d226702a131de53afe22d0c23d321e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
3061015ccd7cbf856d5d39d2e4fbe928

SHA1
ebea48009f1ed533f45b598bdd995f6da73987db

SHA256
2e249462a9a31b58b2291e22a03479840bf7ddf6d5f04f9aee49f6c1c4ee26cc

SHA512
c9a5fe521cf213d1cc8d5a952807936958bd944cd770ffa50845e54fbadbd9fe69ab125290089d15cc0cea5f467a28705594c196eb4fb41baeb8f7a0bf8da8e8

Download Submit
C:\Users\Admin\Desktop\6075d85297be8fc54e0a50bde2c2581c.jpg

Filesize
60KB

MD5
f1715a8d8cdf2cacbb47687d761696f0

SHA1
f9f0552f30df09dcdc2ef02364fc4d042e168316

SHA256
dbbc9e0a314f81b0b16e72ea592a995d138c0d181217326e4654ed9fbf5784b3

SHA512
ff89e199b52a4355acc68446d108703c059c0ef4ddd240cc44ea86341687fd0750ebbd12edf5321c334ae4f7a3ac2df7877b4287e5991d7265db299d30c74e64

Download Submit
C:\Users\Admin\Desktop\AddWatch.hta

Filesize
1.2MB

MD5
fe9c90bdda0d45121b96c59fd254ac3b

SHA1
b9194fce270a5a4e64c7faaed475539b12ce8e6f

SHA256
c8c60d63d43837eee51f4357aa94844d341d8836314281d17e3eec2ff17061a5

SHA512
5aed7be642abc5d1b9dae8fc687d6df70ddc5f917570490d127aa276c43988a6c1eb3b4857cb7f9460911ead3f502afcd55cfc824687d92f2e50ae186c897616

Download Submit
C:\Users\Admin\Desktop\AssertSet.mp4

Filesize
1.8MB

MD5
f93ea7762937313bee9683ce1eb1d918

SHA1
80ad3216bea5b7416f520d1f4d992996c163c3ee

SHA256
605f4d190f52b6b314fec14124de89b0614bafd07eef8d25e6c09cfb0dbb890c

SHA512
987a2592be118bd414549177882c901dfedb67b8240714ce980019265894bdf4249171480d762cc6de2ec9be659cd5a0e6795575ac79daed459478da84402cf2

Download Submit
C:\Users\Admin\Desktop\CheckpointAdd.pub

Filesize
639KB

MD5
49e8ce4953963fd635dada0037b71848

SHA1
521a4a9185d46118cfd4c465479c14577fb1d615

SHA256
96b1dee936de0eff6d943a82868d43b572afbbd894fe57fcb8c7f3a3d1eee248

SHA512
c979bca8f9777cdd6141443d2b39634251061384321193d4eaf1f025c54c0a8d4f0a47dcd2d209e1386ed4da9801f11a7e78e01f1fcd5a1095d695446dd07d66

Download Submit
C:\Users\Admin\Desktop\CompareDisconnect.vstm

Filesize
1.3MB

MD5
8107831bc1de19aeb073fbc3d1d05c0b

SHA1
4293f3b464b5e1b0d5864ad4cd24fc8d40e1f61e

SHA256
5f6980fc44af55760164e2150f3e9911d79fc20621e77f2982697bace8d6a0db

SHA512
c7a894c4086f23d7532ede8f4efad49ffa05c55850f98386799df0436a9c69172a970f2ae8241b1c0a7020b167bdc17009baa8c62dc6e31a4019048a5c5a6a15

Download Submit
C:\Users\Admin\Desktop\ConfirmLimit.xlsx

Filesize
13KB

MD5
4e551b19377133c7023c7cf3443adfc6

SHA1
2aac80450949384cb19ef663515067db0cbd5859

SHA256
72994d96bf764bcfe88559aee4f8f1419ed96e055d7719f60cfacd5b43fb9c49

SHA512
256248c0d4166ff7b53b4b961bc11af2e6df05ce9ddc7c5bed705332ca3387312326c1772c8cd7fb8cc5e28a7358183e9075192b62f80899ad07cbaf287df063

Download Submit
C:\Users\Admin\Desktop\ConvertToRead.docx

Filesize
16KB

MD5
6d944bf46fe9d699b227c9eb48b28a8b

SHA1
b47d2f448e9526ab9592bc0908ac4ed01e2ca02e

SHA256
a914d50e0b7c9b8f585b7784d6f1fdccc92cb77dfd6579ef7768e70befd78985

SHA512
f0472aee2952f64b2ef889a5cebb83e3e0acb71c5b23ef340d7be2d626a2f79f104c0c8a3579179d47a202965b8779e30ddab61288e36a8d034d5e041beec455

Download Submit
C:\Users\Admin\Desktop\DismountMerge.xlsx

Filesize
11KB

MD5
03931842bc31c536d1fd3d264dbb54ea

SHA1
5bc6f6ca98a7f62b1f2ba7a54c936dc63047565f

SHA256
065f47572ec9b70568733aaf913f15769b22dcaebf26569d584b47e91e37c89a

SHA512
58952fe4241aab7b44f392d30dfb75925f928437754869861cbcc311a78b72128536b761429567e3704f109acb63df8946515565ea1fccf172cd9f4bed07b7f4

Download Submit
C:\Users\Admin\Desktop\FindConvertTo.bmp

Filesize
507KB

MD5
2e5064ca72b37db205daadbedff36210

SHA1
2aca97b4582182105ccafbd37a57f369e50fb24d

SHA256
2d0bf7c1ed70b6fdc9eea9de0fe44ea0823da95d35b4a91ff6abf0755ad5adb5

SHA512
0806adaab7fb7f56003b1ec3e34b7a68316cac9930c893ab2c7ad4b87c418ea698b59ef7a892273b4d4210b53546a985aedd75c0108f1b39c6de1aed198b74fd

Download Submit
C:\Users\Admin\Desktop\HideRestart.xhtml

Filesize
904KB

MD5
7c0d1a5aefaad6a89acb7f751781dd69

SHA1
d531b3b21d461f6e1a7c8f2d12042187b21b1657

SHA256
8537807995ea8356b76ccb6765b82b155fcb00ab441d39126e723a683887f11a

SHA512
1c62a586001daf0744ef237b3510f5b71fa8bafc3f1b7900d5633052663abc80c2a91b83e3c578b8640fbfacf066c17d565947ebe945770f983b9296d0bf5d0d

Download Submit
C:\Users\Admin\Desktop\JoinInitialize.css

Filesize
816KB

MD5
7bfdd097621ede73bbab93b12ba15aa1

SHA1
253ea0134de6ec17c785b033bb7cfea4763d6651

SHA256
6087bb98399dee136b6b93489fdb5341e61df853fbd892770ec336043d161530

SHA512
d9542ce7cb5ec37f058b8a593ddd89faf5fb2b733fffcb3a7b5d8280665b6c011ab5752a8eaad032929328ccae15787787da7c28a5221ca56ec3e95ee6446a24

Download Submit
C:\Users\Admin\Desktop\LockUnpublish.gif

Filesize
772KB

MD5
a84fc5c338599802b4e60ed3b26e8e08

SHA1
74e2b1615ba5bace50a1d900e64e11d095a85944

SHA256
2137dc068058f6c507a0421072bc3adb4c5ed9a8f4a3f8b269d07245546e6aa4

SHA512
3841712744ad11d074b1a43e3ac0d8234ea4be6cc8a921a43604699f765f7702b1cb43a0da9acd08ca017dc3443841c0200c993e48e226f0af5a4774d517bd4c

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
a48b1c74f6054bf3275e482c6830151f

SHA1
04c9dd81f96782e32bec23a1e2fa9015616ad256

SHA256
45b056271ad79b60268484ec8a32ac6eb0a5ce7b50c9c330ecf2b07a52e916d8

SHA512
69cbed9829b2a1053287f7530dc9d2ee59fc4855ca5c7988897cda92d0ce6215b92b9993e5cb3f7947d81d55ef8b2d481f1a7950d05764c36752746f202220d3

Download Submit
C:\Users\Admin\Desktop\MountRepair.ps1

Filesize
860KB

MD5
a941489d7b1a6daa7a8d673c323f9bbc

SHA1
d7928f34578e78e62412635400fc21183820ed29

SHA256
85613388171645a43cfb268724692ea44871093c472310b79293bcc0ce520b66

SHA512
a320716f451172bab41604b808acbab4afe1cacabd30de20b825868a13a09a8f527cff72abee6be0b3e61f6a08d2e7d8d6e29729a48b42acb3f327b7ac4e1aae

Download Submit
C:\Users\Admin\Desktop\NewRename.fon

Filesize
1.1MB

MD5
fb3365b2bb429a2950803798392f7f69

SHA1
59951befceb175d9376edd387fb1cc8f2ec67e81

SHA256
a319b86bc88338b885da10d4b28a011ce2a23c7b96c013877f2d9b5fb4b740e7

SHA512
3887b14850884b597934f110d1e8c63b25a280bbd70ae84fe7105cfea12a27f7db00b4dfd93dce1fa54b3f79a0acf76c8652de33a3c7d6d048bfeae51d6437c5

Download Submit
C:\Users\Admin\Desktop\OpenUndo.aifc

Filesize
1.1MB

MD5
a3f4ab3d268980c63136da1ace39f4bf

SHA1
e9152b44dfed52c7c3172d7d14f7d92df7682604

SHA256
144ffd163f1b5bf54d042ea944a093967cd8792780cbadee210902ddb9d70558

SHA512
1283574f2f365340cb2fae13b637383b13eef65ab3e6cd0333ac0fc19377534e7c79fa9a1a516c6a0d8d12fb8c961933e1da4521525594d3ffee9f15c9e198a1

Download Submit
C:\Users\Admin\Desktop\OutConvertFrom.cab

Filesize
992KB

MD5
3d247a418fc715f966c6c8e8de091104

SHA1
0e4aac79a9fd3079c546c15a4983b863958422e3

SHA256
bc2838bc518ff61e198e6cfad798a2b788bb2faae1b6a8b248b8a0a3c4556f36

SHA512
dd20c013c9c961925c0e1a1ff035f265d3651223049dc6c260fc97849cd963e1664c14a8feb44d4cddcc3d82879dddebc390ac803b2b728b74df42db76b86774

Download Submit
C:\Users\Admin\Desktop\ProtectEdit.ini

Filesize
727KB

MD5
d750ca44ce6bb494506a3bd7adf7fdc3

SHA1
b2ff6529e614bdd2010d27a5d458471c8f9911fe

SHA256
8a9af2f740f2805914172ef525c3e98155aeb8587497d18adcb1068dc7980c63

SHA512
7e44bd4a91ed38e5210d0d1ebd5dd4f6ed2786b7903155603ef0f9b11d49a1e0e83b16a5324cad944dc3f2e61d7a96cdf052e9307679e62a351aea5f6616a7ea

Download Submit
C:\Users\Admin\Desktop\RequestConfirm.wma

Filesize
551KB

MD5
e06d4011c11aa038356cdbf631e35d6a

SHA1
4e4e353d152bdbc26ee9846cad39fd8b4e54d85e

SHA256
8dc8539b33ea9a04351dfd27a10be3bdecdadd3e2f25ae0ac5b575ef1a5ed091

SHA512
53bda62cdba678c677109addbcee38227616a0545f55c08a34291a647a52535c23c5be403ab48afceadbf108697700eaddfed0f3c332b6926c5668152a544f84

Download Submit
C:\Users\Admin\Desktop\RestartComplete.jpeg

Filesize
463KB

MD5
ae66c3fd7cb7dfd174cb5f8779be4e64

SHA1
9937eea472d3a63e4c52dd2ac17f8d38df3a6b76

SHA256
f979a8fbe7b1f7f76d910c30ded927f8923ffb137674d7ebe19a7bfb40ecc268

SHA512
612c5693cfba143d36c59181e2a62fe40cfb8f0cf7b81c7fdf8985146d8eb3a7e96c5b540d01a1ffeed7d8542420080f98b908c48678d24d5ed1ee2d6c580d88

Download Submit
C:\Users\Admin\Desktop\SaveEdit.dotm

Filesize
1.0MB

MD5
1020d38a89aef2b05b3c2fe0ff9b03bc

SHA1
074b8ff9f7e97ee9cffcecba10a9a527d3d70b67

SHA256
72ea29bd48cfcd91ea520ae0e135c6c4f3b61ced81e5591c3fc7f96034a7997d

SHA512
ca5c62a40a27e201cb2c8b6785ea869616b1712e3176070384cc100a01089785024be6e30cf220ebae020f8cbed23524a0d0876caa8200373d6e7014094567e8

Download Submit
C:\Users\Admin\Desktop\StartSet.i64

Filesize
948KB

MD5
6fe1a6c6c7f6d930c193b3fbe0b72272

SHA1
456ff9b6bf341f7da680abdadf8c1c651a505372

SHA256
dd553c8e932204f01193e7c97283740c585ffc6107c4e2e9023add782758dce3

SHA512
8325464b05c1c76f710dd2916e1a7c9f0296cf34c71abad94e6fcce1658b5df22da4d7e822a68d59bca2018326dbdb97a287fa6586fa0a10535c3a1b63768269

Download Submit
C:\Users\Admin\Desktop\SubmitCheckpoint.mpg

Filesize
595KB

MD5
51a29f02e52294e62822e9d40bf354a1

SHA1
502f65883cde0a01fd3d6f29e1e7231bf9796452

SHA256
5e90efc1eb53b11b9aa0b9a0273481bc41d84ccca1adb87b2f1c664dc5520f53

SHA512
804836f28be5bb532dd04e142d0fd535b1c37ae3bdcea5da08e4e621d69e8e06ed1a2d349613542dde4ddb641b52db466741a4b64dfc98eb1ddd5186454490cf

Download Submit
C:\Users\Admin\Desktop\SuspendSelect.3gp2

Filesize
1.2MB

MD5
7446b21c6258d088dc170d087e77c5b5

SHA1
049fbc0b8af7e07be8023ef80d83a0b69c92529f

SHA256
51c2cb0f71c0c3db3575460e0fc741bcbf01260307d18097ceb4b6d5675d95ab

SHA512
6ab394ceeaaa3b9d38b4518eef10ff156e67cca3009915ce4d3314113d3243c92d70bcfab57eda3f204475698559149c02e1fdf79902a89c9a90856533845207

Download Submit
C:\Users\Admin\Desktop\UnblockSplit.tmp

Filesize
683KB

MD5
50fa123f7e44ce1533ae5eebfa906bab

SHA1
92f81e325bf2c6b0c1defb71dd386b9e6e48175a

SHA256
4633132b2c68fc795caa4db7fb18fba5ce97d19860874ae6f63ab533e905702a

SHA512
855496b4600e8c46d56390fcd4673e451b42a37deef6d168176cf2dfc5d7157aa096d5b0595563f8e20ed1c332d2952eecaf0396005c7442f84855cf7cab16ce

Download Submit
C:\Users\Admin\Desktop\UnregisterWait.mpeg3

Filesize
1.1MB

MD5
b60f833f5f4c9af47b82abdacf070683

SHA1
f7923f593416ea63025f0d99c6d374724785e380

SHA256
42920e687754ae5825f1b6d97a4ff23093be29fa8674bebfe439dcaa3498653a

SHA512
6f067a7be1a9620a23ac73fa7eadd4997bb9ab2939c4b1c5ba46ec3cf823b323f8c825d79731fe7f74a7a4133088d7b5e4f4f784f9481591747db8172ab7bb33

Download Submit
C:\Users\Admin\Downloads\Doom_Remastered_v1.0.zip

Filesize
203KB

MD5
2ef38502af338d8256915d45916cf1c5

SHA1
fbcfad55a186e125209b1defda989c15d1c02fe4

SHA256
a9090855a9e29bd9289d5c032c1fda4436efc3d9dae5af4cc7116acdbb450ac2

SHA512
09c5811f9cf4e754024a7e1780f03853cb30a8bb274248ca941f2b7539a75d02f44acd3ae1d4c55b0cf4db87813744e78ed8a91166537e412588042f72053e3b

Download Submit
C:\Users\Admin\Downloads\Doom_Remastered_v1.0.zip:Zone.Identifier

Filesize
216B

MD5
a179184b34cfce9011ae26c095e40411

SHA1
671a9144deacc46cd55965613c721248cfe29552

SHA256
f4a5d8a9a7e0c062cff7eb43d0289bafe0f5ae2b8cc0ca5a12cfd55c33ac40eb

SHA512
03bdda116925fb7341e7ac4993b7d548780884ba5dc0beea96673d260bc32e09e363a87aa920e3be4d05c000a62e652a957efcb2bac3805285ea32e9b83fd3c5

Download Submit
C:\Users\Admin\NTUSER.DAT{2fa72cf3-34ca-11ed-acae-cbf1edc82a99}.TMContainer00000000000000000001.regtrans-ms.ENC

Filesize
16B

MD5
437fa50fd2b222ec6c46b7c690aa266c

SHA1
dd9dcf472d3f73890b8bb82398c61c75e08e50ea

SHA256
329e7c7960e9dbd651c40d7a5b772b8eeb4f47799f27bda6a608f095cb81476d

SHA512
47dfa0ff74ba371c4f4b962730b85e95a8c37ec36e4416bf3e64a17b45de16bbb842ec2568ad021b62d8ac49d16a8278beac782e7b639e037e19c1515dec46d1

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
4a146f881b23fd4eee8b6e15b09f0468

SHA1
44a13d9157b98ec876d3fb2a5184a873b47db7a1

SHA256
352a5771e6745548556358872648fc97ac9a522b0f586607b91af0feec0c1699

SHA512
dc3e50df5a526359675d15b123135d52f1a7095128fbf1ade9e44d79063da52cc952daa3420488981b3b0565b85ffd258170e6dae53c8ee3087af1def3d6dca1

Download Submit
\??\pipe\crashpad_4144_JLQCZPQYJXITSLUX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4388-273-0x000001F792A10000-0x000001F792A32000-memory.dmp

Filesize
136KB

Download
memory/4836-315-0x00007FFF8EE30000-0x00007FFF8F8F2000-memory.dmp

Filesize
10.8MB

Download
memory/4836-1923-0x000000001C970000-0x000000001CA90000-memory.dmp

Filesize
1.1MB

Download
memory/4836-2409-0x000000001BCD0000-0x000000001BCDA000-memory.dmp

Filesize
40KB

Download
memory/4836-2053-0x000000001C030000-0x000000001C03E000-memory.dmp

Filesize
56KB

Download
memory/4836-314-0x00007FFF8EE33000-0x00007FFF8EE35000-memory.dmp

Filesize
8KB

Download
memory/4836-2442-0x000000001BCE0000-0x000000001BCEA000-memory.dmp

Filesize
40KB

Download
memory/4836-316-0x0000000002930000-0x000000000293C000-memory.dmp

Filesize
48KB

Download
memory/4836-267-0x00007FFF8EE30000-0x00007FFF8F8F2000-memory.dmp

Filesize
10.8MB

Download
memory/4836-266-0x00000000005B0000-0x00000000005FA000-memory.dmp

Filesize
296KB

Download
memory/4836-321-0x000000001B700000-0x000000001B73A000-memory.dmp

Filesize
232KB

Download
memory/4836-1886-0x000000001D7D0000-0x000000001D880000-memory.dmp

Filesize
704KB

Download
memory/4836-1887-0x000000001F100000-0x000000001F628000-memory.dmp

Filesize
5.2MB

Download
memory/4836-265-0x00007FFF8EE33000-0x00007FFF8EE35000-memory.dmp

Filesize
8KB

Download
memory/4836-2118-0x000000001BE90000-0x000000001BE9C000-memory.dmp

Filesize
48KB

Download
memory/4836-1874-0x000000001C770000-0x000000001C7FE000-memory.dmp

Filesize
568KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads