Resubmissions

07-11-2024 02:24

241107-cvwp5atepk 10

06-11-2024 12:51

241106-p3t8gszhkf 10

Analysis

  • max time kernel
    345s
  • max time network
    353s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    06-11-2024 12:51

General

  • Target

    wt.exe

  • Size

    23KB

  • MD5

    9cbcaed1a71dca5fa2fcb5fe41e0d083

  • SHA1

    699923b980e8b8677ab29137dec889cb4c7a87da

  • SHA256

    4a99edc4912bb72864cf424c67b500187079ffb5bee14d6851800ebff9a56808

  • SHA512

    bab13f8992a4c692412e0e15567693df36d02e6bf986bbadf9c4ff5b285b57853c6a9eafc3250cd1bdf33977428ddfa6c783080d1430e5593a181add28f19f2f

  • SSDEEP

    384:I3Mg/bqo2f+B3kXSP1/pYVvobPJ/r91C9zBq92BewD9:2qo2gtxpjh/r9uzs9WewD9

Malware Config

Extracted

Path

C:\Users\Admin\Documents\read_it.txt

Family

chaos

Ransom Note
----> Chaos is multi language ransomware. Translate your note to any language <---- 당신의 모든 파일이 암호화되었습니다 당신의 컴퓨터가 랜섬웨어 바이러스에 감염되었습니다. 당신이 원하지 않든 파일이 암호화 되었습니다. 당신은 당신의 파일들을 저희의 도움 없이도 해독할 수 있습니다. 파일을 되찾으려면 어떻게 해야 하나요?: 복호화 프로그램을 구매할 수 있습니다 복호화 프로그램을 사용하면 모든 데이터를 복구할 수 있습니다. 파일 복호화 소프트웨어의 가격은 $1,500입니다. 결제는 비트코인으로만 가능합니다. 결제는 어떻게 하나요, 비트코인은 어디서 보내나요? 비트코인 구매는 국가마다 다르므로 빨리 구글 검색을 하는 것이 가장 좋습니다 비트코인 구매 방법을 알아보세요. 많은 고객이 이러한 사이트가 빠르고 안정적이라고 보고했습니다: 코인마마 - hxxps://www.coinmama.com 비트판다 - hxxps://www.bitpanda.com 보낼 비트코인: 0.1473766 BTC 비트코인 주소: bc1qlnzcep4l4ac0ttdrq7awxev9ehu465f2vpt9x0

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

  • Chaos Ransomware 2 IoCs
  • Chaos family
  • Downloads MZ/PE file
  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

  • Drops startup file 6 IoCs
  • Executes dropped EXE 3 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 35 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 14 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 12 IoCs
  • NTFS ADS 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 63 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\wt.exe
    "C:\Users\Admin\AppData\Local\Temp\wt.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Users\Admin\AppData\Roaming\svchost.exe
      "C:\Users\Admin\AppData\Roaming\svchost.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:2532
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1544
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2212
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2316
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:548
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4544
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1828
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefe89cc40,0x7ffefe89cc4c,0x7ffefe89cc58
      2⤵
        PID:1412
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
        2⤵
          PID:4980
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
          2⤵
            PID:3916
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
            2⤵
              PID:4172
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:1632
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
                2⤵
                  PID:408
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
                  2⤵
                    PID:2572
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4480,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:8
                    2⤵
                      PID:2620
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
                      2⤵
                        PID:2628
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
                        2⤵
                          PID:4492
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
                          2⤵
                            PID:3016
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
                            2⤵
                              PID:3344
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
                              2⤵
                                PID:3676
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
                                2⤵
                                  PID:3940
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:8
                                  2⤵
                                    PID:1628
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5144,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:2
                                    2⤵
                                      PID:4424
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3676,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:1
                                      2⤵
                                        PID:2432
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4544,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
                                        2⤵
                                          PID:4848
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3448,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1
                                          2⤵
                                            PID:3456
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3272,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3512 /prefetch:1
                                            2⤵
                                              PID:3544
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3496,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3480 /prefetch:8
                                              2⤵
                                                PID:784
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3508,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
                                                2⤵
                                                  PID:1244
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:8
                                                  2⤵
                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                  • NTFS ADS
                                                  PID:4968
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5552,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4376 /prefetch:8
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4404
                                                • C:\Users\Admin\Downloads\Decrypter.exe
                                                  "C:\Users\Admin\Downloads\Decrypter.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  PID:3668
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5192,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:1
                                                  2⤵
                                                    PID:2680
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4612,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
                                                    2⤵
                                                      PID:4460
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2984 /prefetch:8
                                                      2⤵
                                                      • NTFS ADS
                                                      PID:3720
                                                    • C:\Users\Admin\Downloads\Decrypter.exe
                                                      "C:\Users\Admin\Downloads\Decrypter.exe"
                                                      2⤵
                                                      • Drops startup file
                                                      • Executes dropped EXE
                                                      • Drops desktop.ini file(s)
                                                      • Sets desktop wallpaper using registry
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4876
                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                    1⤵
                                                      PID:3164
                                                    • C:\Windows\system32\BackgroundTransferHost.exe
                                                      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                      1⤵
                                                      • Modifies registry class
                                                      PID:1292
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                      1⤵
                                                        PID:2408
                                                      • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                        "C:\Program Files\VideoLAN\VLC\vlc.exe"
                                                        1⤵
                                                        • Suspicious behavior: AddClipboardFormatListener
                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                        • Suspicious use of FindShellTrayWindow
                                                        • Suspicious use of SendNotifyMessage
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:3316
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                        1⤵
                                                          PID:1224
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                            2⤵
                                                            • Checks processor information in registry
                                                            • Modifies registry class
                                                            • Suspicious use of FindShellTrayWindow
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:4052
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e819cd4-1b07-4643-b059-5830d90b341f} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" gpu
                                                              3⤵
                                                                PID:2332
                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df577be5-b4f2-4628-be73-869dd87124b7} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" socket
                                                                3⤵
                                                                  PID:812
                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2596 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2730d83f-df0b-411d-a932-6e94e5cbc3f5} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
                                                                  3⤵
                                                                    PID:1532
                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3016 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9ee7f8c-b6b7-411c-8196-ff9268e320c0} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
                                                                    3⤵
                                                                      PID:3044
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4696 -prefMapHandle 4664 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34c65047-487a-4293-8c50-cd4abb1084b6} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" utility
                                                                      3⤵
                                                                      • Checks processor information in registry
                                                                      PID:2824
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 3 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5da44bf7-be6d-4a45-a5fb-1a93c5046d57} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
                                                                      3⤵
                                                                        PID:3028
                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61da1a36-0cfd-455c-a9fd-1b6773a31032} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
                                                                        3⤵
                                                                          PID:1052
                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5948 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7b801b4-cf1d-450f-91d4-11b6b3221880} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
                                                                          3⤵
                                                                            PID:816
                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                        1⤵
                                                                          PID:2580
                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                            2⤵
                                                                            • Checks processor information in registry
                                                                            PID:844
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                          1⤵
                                                                          • Drops file in Windows directory
                                                                          • Enumerates system info in registry
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                          • Suspicious use of SendNotifyMessage
                                                                          PID:5172
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefe89cc40,0x7ffefe89cc4c,0x7ffefe89cc58
                                                                            2⤵
                                                                              PID:5212
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=1944 /prefetch:2
                                                                              2⤵
                                                                                PID:5624
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=2064 /prefetch:3
                                                                                2⤵
                                                                                  PID:5632
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=1672 /prefetch:8
                                                                                  2⤵
                                                                                    PID:5652
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=3248 /prefetch:1
                                                                                    2⤵
                                                                                      PID:2628
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=3288 /prefetch:1
                                                                                      2⤵
                                                                                        PID:3384
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=4604 /prefetch:1
                                                                                        2⤵
                                                                                          PID:4048
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=4740 /prefetch:8
                                                                                          2⤵
                                                                                            PID:6072
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4468,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=3272 /prefetch:8
                                                                                            2⤵
                                                                                              PID:2848
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                            1⤵
                                                                                              PID:5180
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffefe89cc40,0x7ffefe89cc4c,0x7ffefe89cc58
                                                                                                2⤵
                                                                                                  PID:5200
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                1⤵
                                                                                                • Enumerates system info in registry
                                                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                PID:3892
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffeff4a3cb8,0x7ffeff4a3cc8,0x7ffeff4a3cd8
                                                                                                  2⤵
                                                                                                    PID:3668
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
                                                                                                    2⤵
                                                                                                      PID:2736
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
                                                                                                      2⤵
                                                                                                        PID:5112
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:5136
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:6000
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:6012
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:6788
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:6796
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:6892
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:6924
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:4396
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:6224
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                                        1⤵
                                                                                                                          PID:2892
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0x48,0x108,0x7ffeff4a3cb8,0x7ffeff4a3cc8,0x7ffeff4a3cd8
                                                                                                                            2⤵
                                                                                                                              PID:944
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,15330507663179090677,4861048646168252504,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
                                                                                                                              2⤵
                                                                                                                                PID:5728
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,15330507663179090677,4861048646168252504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:3
                                                                                                                                2⤵
                                                                                                                                  PID:5740
                                                                                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                1⤵
                                                                                                                                  PID:4988
                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                  1⤵
                                                                                                                                    PID:6236
                                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                    1⤵
                                                                                                                                      PID:6336

                                                                                                                                    Network

                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                    Downloads

                                                                                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                      MD5

                                                                                                                                      b5ad5caaaee00cb8cf445427975ae66c

                                                                                                                                      SHA1

                                                                                                                                      dcde6527290a326e048f9c3a85280d3fa71e1e22

                                                                                                                                      SHA256

                                                                                                                                      b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                                                                                                                                      SHA512

                                                                                                                                      92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                                                                                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                                                                                                      Filesize

                                                                                                                                      4B

                                                                                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                                                                                      Filesize

                                                                                                                                      1008B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                      Filesize

                                                                                                                                      40B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                                                      Filesize

                                                                                                                                      649B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                      Filesize

                                                                                                                                      336B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                      Filesize

                                                                                                                                      264B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

                                                                                                                                      Filesize

                                                                                                                                      851B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

                                                                                                                                      Filesize

                                                                                                                                      854B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                      Filesize

                                                                                                                                      3KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                      Filesize

                                                                                                                                      3KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                      Filesize

                                                                                                                                      2KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                      Filesize

                                                                                                                                      2B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                      Filesize

                                                                                                                                      688B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                      Filesize

                                                                                                                                      354B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                      Filesize

                                                                                                                                      688B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                      Filesize

                                                                                                                                      688B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                      Filesize

                                                                                                                                      688B

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      10KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      10KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                      Filesize

                                                                                                                                      9KB

                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                      Filesize

                                                                                                                                      15KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
    Filesize: 72B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e71fd79d-565f-42b5-91f5-d8d209f2a398.tmp
    Filesize: 1B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 231KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 231KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 119KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 230KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
    Filesize: 264KB

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Decrypter.exe.log
    Filesize: 226B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 8KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json
    Filesize: 18KB

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c640c352-bd48-445c-9711-b9b8df5b26dc.down_data
    Filesize: 555KB

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
    Filesize: 9KB

• C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
  Filesize: 9KB


• C:\Users\Admin\AppData\Local\Temp\scoped_dir1816_23871624\CRX_INSTALL\_locales\en_CA\messages.json
  Filesize: 711B


• C:\Users\Admin\AppData\Local\Temp\scoped_dir1816_23871624\bf035779-e01a-4788-990a-46f2350e480c.tmp
  Filesize: 132KB


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
  Filesize: 6KB


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 5KB


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 6KB


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\14f914fc-cad8-4d1a-9236-1dfcb7c7e916
  Filesize: 25KB


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\b4453c42-697f-4fec-b550-c11eaf1882a8
  Filesize: 671B


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\ccdacbcc-13e1-49e6-a17f-130e46f97431
  Filesize: 982B


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
  Filesize: 10KB


• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs.js
  Filesize: 10KB


• C:\Users\Admin\AppData\Roaming\svchost.exe
  Filesize: 23KB


• C:\Users\Admin\Contacts\desktop.ini.8irx
  Filesize: 756B


• C:\Users\Admin\Desktop\ComparePublish.odt.31fy
  Filesize: 1.1MB


• C:\Users\Admin\Desktop\ConnectJoin.docx.laa2
  Filesize: 21KB


• C:\Users\Admin\Desktop\ConvertFromPublish.svgz.2tes
  Filesize: 766KB


• C:\Users\Admin\Desktop\DenyUpdate.dwg.aknd
  Filesize: 1.2MB


  • C:\Users\Admin\Desktop\DisableInstall.iso.9sbw

    Filesize

    1.9MB

  • C:\Users\Admin\Desktop\FindRemove.sql.oxon

    Filesize

    1.0MB

  • C:\Users\Admin\Desktop\JoinUnprotect.m1v.vgqf

    Filesize

    1.1MB

  • C:\Users\Admin\Desktop\LockMeasure.dib.qq2c

    Filesize

    1002KB

  • C:\Users\Admin\Desktop\Microsoft Edge.lnk.5k7j

    Filesize

    3KB

  • C:\Users\Admin\Desktop\OpenSkip.ico.bft3

    Filesize

    1.3MB

  • C:\Users\Admin\Desktop\RegisterHide.xml.f0t4

    Filesize

    845KB

  • C:\Users\Admin\Desktop\RestoreLock.rtf.mocl

    Filesize

    924KB

  • C:\Users\Admin\Desktop\StopDismount.xlsx.kh0l

    Filesize

    18KB

  • C:\Users\Admin\Desktop\UnblockStop.svgz.ztjx

    Filesize

    806KB

  • C:\Users\Admin\Desktop\UndoDebug.xml.vxgv

    Filesize

    1.2MB

  • C:\Users\Admin\Desktop\desktop.ini.uvbk

    Filesize

    584B

  • C:\Users\Admin\Documents\ConvertToEnable.docx.eubh

    Filesize

    24KB

  • C:\Users\Admin\Documents\DisconnectResolve.xlsx.0qmm

    Filesize

    15KB

  • C:\Users\Admin\Documents\desktop.ini.ee4i

    Filesize

    756B

  • C:\Users\Admin\Documents\read_it.txt

    Filesize

    1KB

  • C:\Users\Admin\Downloads\Decrypter.exe:Zone.Identifier

    Filesize

    156B

  • C:\Users\Admin\Downloads\Unconfirmed 375216.crdownload

    Filesize

    218KB


                                                                                                                                    • C:\Users\Admin\Downloads\privateKey.chaos

                                                                                                                                      Filesize

                                                                                                                                      1KB


                                                                                                                                    • C:\Users\Admin\Downloads\privateKey.chaos:Zone.Identifier

                                                                                                                                      Filesize

                                                                                                                                      159B


                                                                                                                                    • C:\Users\Admin\Links\Desktop.lnk.skik

                                                                                                                                      Filesize

                                                                                                                                      884B


                                                                                                                                    • C:\Users\Admin\Links\Downloads.lnk.y2j4

                                                                                                                                      Filesize

                                                                                                                                      1KB


                                                                                                                                    • C:\Users\Admin\Links\desktop.ini.c8bt

                                                                                                                                      Filesize

                                                                                                                                      884B


                                                                                                                                    • F:\$RECYCLE.BIN\S-1-5-21-2410826464-2353372766-2364966905-1000\desktop.ini.7msz

                                                                                                                                      Filesize

                                                                                                                                      392B

