Analysis

  • max time kernel
    269s
  • max time network
    282s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/11/2024, 22:30

General

  • Target

    Stix Free Utility V1.bat

  • Size

    131KB

  • MD5

    d462b3ca2cd9939e1fb3c07eeb274908

  • SHA1

    47647a8243481ecb25906b14b332a8cb49c83b8f

  • SHA256

    f00fd97e7fd408ae62cf810d15765743072f43ab8d2a09a1f098626fa4a044c2

  • SHA512

    aeb879aedbb051af4c614d9cccd6dd646dc05d817af7a73a5969b35f1eb0671dc44c8df60fdcc9776bd6c91a5a20f09834f6c32d53f18078f6423089a95553d1

  • SSDEEP

    768:aaX9bjzKBWQq+jAcTtGiZQVr6r6Pk6PUXfCV1nFLPqoCR0CQxwyUh1ZIA:aa9zzQHdCbF6uxwt

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 14 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Stix Free Utility V1.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
        PID:1716
      • C:\Windows\system32\fltMC.exe
        fltmc
        2⤵
          PID:1436
        • C:\Windows\system32\cscript.exe
          cscript //nologo "C:\temp\popup.vbs"
          2⤵
            PID:2324
          • C:\Windows\system32\reg.exe
            Reg.exe ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "0" /f
            2⤵
            • UAC bypass
            PID:4320
          • C:\Windows\system32\reg.exe
            Reg.exe add "HKCU\CONSOLE" /v "VirtualTerminalLevel" /t REG_DWORD /d "1" /f
            2⤵
              PID:996
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              powershell -Command "Checkpoint-Computer -Description 'Stix Free Utility Restore Point' -RestorePointType 'MODIFY_SETTINGS'"
              2⤵
              • Command and Scripting Interpreter: PowerShell
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:3012
          • C:\Windows\system32\AUDIODG.EXE
            C:\Windows\system32\AUDIODG.EXE 0x344 0x308
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1136
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:4840
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe"
            1⤵
            • Enumerates system info in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:908
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0486cc40,0x7ffc0486cc4c,0x7ffc0486cc58
              2⤵
                PID:4176
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
                2⤵
                  PID:2516
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:3
                  2⤵
                    PID:4352
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:8
                    2⤵
                      PID:4396
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
                      2⤵
                        PID:3972
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
                        2⤵
                          PID:996
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
                          2⤵
                            PID:3944
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4444,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3752 /prefetch:8
                            2⤵
                              PID:4940
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3748,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3712 /prefetch:8
                              2⤵
                                PID:1228
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4488,i,10789433011000472215,515190596778643150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:1
                                2⤵
                                  PID:6748
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe"
                                1⤵
                                • Suspicious use of WriteProcessMemory
                                PID:5092
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                                  2⤵
                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                  • Checks processor information in registry
                                  • Modifies registry class
                                  • NTFS ADS
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  • Suspicious use of SetWindowsHookEx
                                  • Suspicious use of WriteProcessMemory
                                  PID:2616
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d001019f-2233-4f32-81f3-b880a2beb42c} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" gpu
                                    3⤵
                                      PID:1032
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08dfba3f-6701-447b-954a-08ecafa0f838} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" socket
                                      3⤵
                                        PID:876
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3280 -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 3164 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8ed81f6-2332-4ee2-bbc8-a9f480191d48} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                        3⤵
                                          PID:5140
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4384 -childID 2 -isForBrowser -prefsHandle 4376 -prefMapHandle 4372 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd5426f-b7d4-4f57-9960-e970b5941c33} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                          3⤵
                                            PID:5568
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5056 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0311871-d62d-4c01-a159-61bf8fa68352} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" utility
                                            3⤵
                                            • Checks processor information in registry
                                            PID:6444
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5076 -childID 3 -isForBrowser -prefsHandle 5068 -prefMapHandle 5064 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90245b23-0f3e-4359-ba18-645f3413a52e} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                            3⤵
                                              PID:6460
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 4 -isForBrowser -prefsHandle 5088 -prefMapHandle 5084 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {848fddc9-7129-4894-908d-98ba8bd7ca85} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                              3⤵
                                                PID:6476
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5788 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9db7d41f-7d48-4567-9d50-cae7448f7e6b} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                                3⤵
                                                  PID:5972
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1664 -childID 6 -isForBrowser -prefsHandle 5596 -prefMapHandle 5724 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fef590c8-ee72-4dfb-b491-3dc29b0ccf0f} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                                  3⤵
                                                    PID:6168
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3936 -childID 7 -isForBrowser -prefsHandle 5708 -prefMapHandle 4960 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72ef3e1e-54ad-40e3-bcea-590111ef5fc3} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                                    3⤵
                                                      PID:6836
                                                    • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                      "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                      3⤵
                                                      • Executes dropped EXE
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:6252
                                                    • C:\Users\Admin\Downloads\winrar-x64-701(1).exe
                                                      "C:\Users\Admin\Downloads\winrar-x64-701(1).exe"
                                                      3⤵
                                                      • Executes dropped EXE
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:7096
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7172 -childID 8 -isForBrowser -prefsHandle 7200 -prefMapHandle 7196 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad759111-6015-4ad2-b05d-fb499f1e213c} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                                      3⤵
                                                        PID:2564
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7360 -childID 9 -isForBrowser -prefsHandle 7216 -prefMapHandle 6136 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45e9f9d7-c478-4461-93cb-10b70c9ab84a} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" tab
                                                        3⤵
                                                          PID:4228
                                                        • C:\Users\Admin\Downloads\winrar-x64-710b1.exe
                                                          "C:\Users\Admin\Downloads\winrar-x64-710b1.exe"
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:5748
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                      1⤵
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:2400
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                        2⤵
                                                        • Checks processor information in registry
                                                        PID:2824
                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                      1⤵
                                                        PID:2576
                                                      • C:\Windows\system32\werfault.exe
                                                        werfault.exe /h /shared Global\cf4094bf95174d94951d1953b87f9476 /t 3400 /p 6252
                                                        1⤵
                                                          PID:6980

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                192B

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                116KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                116KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                Filesize

                                                                264KB

                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json.tmp

                                                                Filesize

                                                                19KB

                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\49829F218B1B7DDF88CD36607FD0B8F5540550E0

                                                                Filesize

                                                                165KB

                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\startupCache\webext.sc.lz4

                                                                Filesize

                                                                107KB

                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bt3b1rrd.hu2.ps1

                                                                Filesize

                                                                60B

                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                Filesize

                                                                479KB

                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                Filesize

                                                                13.8MB

                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                                                Filesize

                                                                13KB

                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                                                Filesize

                                                                18KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

                                                                Filesize

                                                                12KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

                                                                Filesize

                                                                5KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\79e8d4c2-b5a7-4a54-9dd7-623caabb9357

                                                                Filesize

                                                                982B

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\c953f711-22f5-4af7-aa2e-bcc0bae30eca

                                                                Filesize

                                                                671B

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\ee129de0-36b5-4bd3-97c4-f87fa2f9d2e5

                                                                Filesize

                                                                27KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                                Filesize

                                                                1.1MB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                                Filesize

                                                                116B

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                                Filesize

                                                                372B

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                                Filesize

                                                                17.8MB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

                                                                Filesize

                                                                11KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

                                                                Filesize

                                                                10KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

                                                                Filesize

                                                                10KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                3KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                5KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\Downloads\winrar-x64-701(1).exe:Zone.Identifier

                                                                Filesize

                                                                167B

                                                              • C:\Users\Admin\Downloads\winrar-x64-701.cFodxgco.exe.part

                                                                Filesize

                                                                3.8MB

                                                              • C:\Users\Admin\Downloads\winrar-x64-710b1.exe

                                                                Filesize

                                                                3.6MB

                                                              • memory/3012-15-0x00007FFC03D10000-0x00007FFC047D1000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/3012-1-0x00007FFC03D13000-0x00007FFC03D15000-memory.dmp

                                                                Filesize

                                                                8KB

                                                              • memory/3012-12-0x00007FFC03D10000-0x00007FFC047D1000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/3012-11-0x000001F875210000-0x000001F875232000-memory.dmp

                                                                Filesize

                                                                136KB