Overview

overview

10

Static

static

3

84b2e6cf11...3a.exe

windows7-x64

10

84b2e6cf11...3a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84b2e6cf11972bbf1185a1370463ef3869b3713159bf2f962855a22a1ec02d3a.exe

  • Size

    1.7MB

  • MD5

    fbcbfc1412235ca533582801d3bf384a

  • SHA1

    057024127ed717976cd329ef4b441769e3cdb4a9

  • SHA256

    84b2e6cf11972bbf1185a1370463ef3869b3713159bf2f962855a22a1ec02d3a

  • SHA512

    281cf5d7e995e30c87cd40f6db04cfda3d7789b17802515ab3d680bc8e648ce787f82dd02d5a8720bcc821890b58ae84ae2204405ffe0d3d48db6b3c85792728

  • SSDEEP

    24576:uhl56JlSpDWm4xUsUhK0KnQBwEkydzLxgOjNEQ/FtK9Tk09mOmIt7fsJ1FNBTI2z:Gl59lW/kK0qQBNg4NE+OeW6IZw/o

Score
10/10
amadeycryptbotstealc9c9aa5marscredential_accessdiscoveryevasionpersistencespywarestealertrojan

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • Cryptbot family
    cryptbot
  • Detects CryptBot payload 1 IoCs

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 9 IoCs
    evasion
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 13 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 18 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 11 IoCs
  • Identifies Wine through registry keys 2 TTPs 9 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 4 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 15 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\84b2e6cf11972bbf1185a1370463ef3869b3713159bf2f962855a22a1ec02d3a.exe
    "C:\Users\Admin\AppData\Local\Temp\84b2e6cf11972bbf1185a1370463ef3869b3713159bf2f962855a22a1ec02d3a.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
      2⤵
      • Uses browser remote debugging
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3396
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc6f3bcc40,0x7ffc6f3bcc4c,0x7ffc6f3bcc58
        3⤵
          PID:4552
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2
          3⤵
            PID:2256
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:3
            3⤵
              PID:1996
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2464 /prefetch:8
              3⤵
                PID:3320
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:4520
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3356,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3388 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:812
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4352 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:5028
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
                3⤵
                  PID:4508
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,10778557087717496857,3407828038136432355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
                  3⤵
                    PID:3124
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                  2⤵
                  • Uses browser remote debugging
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of FindShellTrayWindow
                  PID:4428
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6f3c46f8,0x7ffc6f3c4708,0x7ffc6f3c4718
                    3⤵
                    • Checks processor information in registry
                    • Enumerates system info in registry
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2692
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2099036831332960409,13967060880563554577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
                    3⤵
                      PID:1264
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2099036831332960409,13967060880563554577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1048
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2099036831332960409,13967060880563554577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
                      3⤵
                        PID:4632
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,2099036831332960409,13967060880563554577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                        3⤵
                        • Uses browser remote debugging
                        PID:496
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,2099036831332960409,13967060880563554577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                        3⤵
                        • Uses browser remote debugging
                        PID:1656
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,2099036831332960409,13967060880563554577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
                        3⤵
                        • Uses browser remote debugging
                        PID:5024
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,2099036831332960409,13967060880563554577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
                        3⤵
                        • Uses browser remote debugging
                        PID:4768
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\DocumentsHIDAFHDHCB.exe"
                      2⤵
                      • System Location Discovery: System Language Discovery
                      PID:896
                      • C:\Users\Admin\DocumentsHIDAFHDHCB.exe
                        "C:\Users\Admin\DocumentsHIDAFHDHCB.exe"
                        3⤵
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Drops file in Windows directory
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of FindShellTrayWindow
                        PID:440
                        • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                          "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
                          4⤵
                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                          • Checks BIOS information in registry
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Identifies Wine through registry keys
                          • Adds Run key to start application
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4356
                          • C:\Users\Admin\AppData\Local\Temp\1007935001\7e7dc5b408.exe
                            "C:\Users\Admin\AppData\Local\Temp\1007935001\7e7dc5b408.exe"
                            5⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Checks computer location settings
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • System Location Discovery: System Language Discovery
                            • Checks processor information in registry
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3244
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                              6⤵
                              • Uses browser remote debugging
                              • Enumerates system info in registry
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2240
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc8301cc40,0x7ffc8301cc4c,0x7ffc8301cc58
                                7⤵
                                  PID:3980
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2308,i,15956276724764456606,8521187433487573478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:2
                                  7⤵
                                    PID:5876
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,15956276724764456606,8521187433487573478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2356 /prefetch:3
                                    7⤵
                                      PID:5892
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1852,i,15956276724764456606,8521187433487573478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2580 /prefetch:8
                                      7⤵
                                        PID:5900
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,15956276724764456606,8521187433487573478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
                                        7⤵
                                        • Uses browser remote debugging
                                        PID:6136
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,15956276724764456606,8521187433487573478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
                                        7⤵
                                        • Uses browser remote debugging
                                        PID:4836
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,15956276724764456606,8521187433487573478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1
                                        7⤵
                                        • Uses browser remote debugging
                                        PID:3592
                                    • C:\Users\Admin\AppData\Local\Temp\service123.exe
                                      "C:\Users\Admin\AppData\Local\Temp\service123.exe"
                                      6⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      PID:4648
                                    • C:\Windows\SysWOW64\schtasks.exe
                                      "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\Admin\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                                      6⤵
                                      • System Location Discovery: System Language Discovery
                                      • Scheduled Task/Job: Scheduled Task
                                      PID:5300
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 1292
                                      6⤵
                                      • Program crash
                                      PID:2460
                                  • C:\Users\Admin\AppData\Local\Temp\1007936001\366de2ed8f.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1007936001\366de2ed8f.exe"
                                    5⤵
                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                    • Checks BIOS information in registry
                                    • Executes dropped EXE
                                    • Identifies Wine through registry keys
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3512
                                  • C:\Users\Admin\AppData\Local\Temp\1007937001\3de10ad99f.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1007937001\3de10ad99f.exe"
                                    5⤵
                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                    • Checks BIOS information in registry
                                    • Executes dropped EXE
                                    • Identifies Wine through registry keys
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:456
                                  • C:\Users\Admin\AppData\Local\Temp\1007938001\8a61fa3d4c.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1007938001\8a61fa3d4c.exe"
                                    5⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:3396
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM firefox.exe /T
                                      6⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:448
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM chrome.exe /T
                                      6⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2524
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM msedge.exe /T
                                      6⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:5056
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM opera.exe /T
                                      6⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2404
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM brave.exe /T
                                      6⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4660
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                      6⤵
                                        PID:1476
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                          7⤵
                                          • Checks processor information in registry
                                          • Modifies registry class
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          • Suspicious use of SetWindowsHookEx
                                          PID:1876
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f27677b2-013a-4d22-9232-d2a1f58b5671} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" gpu
                                            8⤵
                                              PID:3688
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {053deeb9-2727-4287-8a64-e2590eb873b6} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" socket
                                              8⤵
                                                PID:3740
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3316 -childID 1 -isForBrowser -prefsHandle 3308 -prefMapHandle 3304 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccdce652-cd97-4e03-b5dc-d7fc4df52250} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
                                                8⤵
                                                  PID:1416
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -childID 2 -isForBrowser -prefsHandle 3152 -prefMapHandle 3256 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd40a05e-26bb-441d-be33-543937ff061f} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
                                                  8⤵
                                                    PID:4852
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4416 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4460 -prefMapHandle 4376 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6faae715-1209-4bd0-b452-7b59cda81f4d} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" utility
                                                    8⤵
                                                    • Checks processor information in registry
                                                    PID:5276
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5104 -childID 3 -isForBrowser -prefsHandle 5468 -prefMapHandle 5464 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba0dbbcb-6c01-4ef4-9c6e-a614cd3d66ab} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
                                                    8⤵
                                                      PID:5044
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 4 -isForBrowser -prefsHandle 5608 -prefMapHandle 5616 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5687c53-983e-4655-9b72-b619f4a069d4} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
                                                      8⤵
                                                        PID:3488
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8e90f33-eed1-4fad-9edb-ba767975782a} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
                                                        8⤵
                                                          PID:1348
                                                  • C:\Users\Admin\AppData\Local\Temp\1007939001\7f209a38a0.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\1007939001\7f209a38a0.exe"
                                                    5⤵
                                                    • Modifies Windows Defender Real-time Protection settings
                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                    • Checks BIOS information in registry
                                                    • Executes dropped EXE
                                                    • Identifies Wine through registry keys
                                                    • Windows security modification
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4928
                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                            1⤵
                                              PID:3852
                                            • C:\Windows\system32\svchost.exe
                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                              1⤵
                                                PID:932
                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                1⤵
                                                  PID:5196
                                                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                  1⤵
                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                  • Checks BIOS information in registry
                                                  • Executes dropped EXE
                                                  • Identifies Wine through registry keys
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1752
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3244 -ip 3244
                                                  1⤵
                                                    PID:3776
                                                  • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                    C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                    1⤵
                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                    • Checks BIOS information in registry
                                                    • Executes dropped EXE
                                                    • Identifies Wine through registry keys
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1432
                                                  • C:\Users\Admin\AppData\Local\Temp\service123.exe
                                                    C:\Users\Admin\AppData\Local\Temp\/service123.exe
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:4288

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Reconnaissance

                                                  Resource Development

                                                  Initial Access

                                                  Execution

                                                  Scheduled Task/Job

                                                  1
                                                  T1053

                                                  Scheduled Task

                                                  1
                                                  T1053.005

                                                  Persistence

                                                  Boot or Logon Autostart Execution

                                                  1
                                                  T1547

                                                  Registry Run Keys / Startup Folder

                                                  1
                                                  T1547.001

                                                  Create or Modify System Process

                                                  1
                                                  T1543

                                                  Windows Service

                                                  1
                                                  T1543.003

                                                  Modify Authentication Process

                                                  1
                                                  T1556

                                                  Scheduled Task/Job

                                                  1
                                                  T1053

                                                  Scheduled Task

                                                  1
                                                  T1053.005

                                                  Privilege Escalation

                                                  Boot or Logon Autostart Execution

                                                  1
                                                  T1547

                                                  Registry Run Keys / Startup Folder

                                                  1
                                                  T1547.001

                                                  Create or Modify System Process

                                                  1
                                                  T1543

                                                  Windows Service

                                                  1
                                                  T1543.003

                                                  Scheduled Task/Job

                                                  1
                                                  T1053

                                                  Scheduled Task

                                                  1
                                                  T1053.005

                                                  Defense Evasion

                                                  Impair Defenses

                                                  2
                                                  T1562

                                                  Disable or Modify Tools

                                                  2
                                                  T1562.001

                                                  Modify Authentication Process

                                                  1
                                                  T1556

                                                  Modify Registry

                                                  3
                                                  T1112

                                                  Virtualization/Sandbox Evasion

                                                  2
                                                  T1497

                                                  Credential Access

                                                  Credentials from Password Stores

                                                  1
                                                  T1555

                                                  Credentials from Web Browsers

                                                  1
                                                  T1555.003

                                                  Modify Authentication Process

                                                  1
                                                  T1556

                                                  Steal Web Session Cookie

                                                  1
                                                  T1539

                                                  Unsecured Credentials

                                                  4
                                                  T1552

                                                  Credentials In Files

                                                  4
                                                  T1552.001

                                                  Discovery

                                                  Browser Information Discovery

                                                  1
                                                  T1217

                                                  Query Registry

                                                  8
                                                  T1012

                                                  System Information Discovery

                                                  5
                                                  T1082

                                                  System Location Discovery

                                                  1
                                                  T1614

                                                  System Language Discovery

                                                  1
                                                  T1614.001

                                                  Virtualization/Sandbox Evasion

                                                  2
                                                  T1497

                                                  Lateral Movement

                                                  Collection

                                                  Data from Local System

                                                  3
                                                  T1005

                                                  Command and Control

                                                  Exfiltration

                                                  Impact

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\ProgramData\mozglue.dll
                                                    Filesize

                                                    593KB

                                                    MD5

                                                    c8fd9be83bc728cc04beffafc2907fe9

                                                    SHA1

                                                    95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                    SHA256

                                                    ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                    SHA512

                                                    fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                    Download Submit

                                                  • C:\ProgramData\nss3.dll
                                                    Filesize

                                                    2.0MB

                                                    MD5

                                                    1cc453cdf74f31e4d913ff9c10acdde2

                                                    SHA1

                                                    6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                                    SHA256

                                                    ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                                    SHA512

                                                    dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    40B

                                                    MD5

                                                    186ccc6761714f7e88de1fff069b95fb

                                                    SHA1

                                                    c7dec1fff5e2f359cccf94875265f96757865b34

                                                    SHA256

                                                    abb5c7113a03fa5d3a4d6d25007f875d5189c85054252a03a3c9d2cc64a5f59e

                                                    SHA512

                                                    5f346abd0068d56df1bc7236a8f8ae6e0397cd35c7e8a6554f90724bc4936ed6a1f127aef797391d34ab458ba9ff3337bade05334155aae7473e6c463b0499c9

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                    Filesize

                                                    649B

                                                    MD5

                                                    e347ac3b0f36d1164b7db8d992c92ae6

                                                    SHA1

                                                    3740b386fdd8cd63f00c2c0327472bcbbe3aae2f

                                                    SHA256

                                                    9613069630b1f831ad623e2cd8ea22fd436160df80092e57dd3db9ca6c805591

                                                    SHA512

                                                    fababb37379e200625c811de54a81f4dfb0637e0263e58bef7742ae64be6567117a017a5e3c494f8c4cb86eadaa38a124b6cdde593a9fb8075a1b42af69d185a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
                                                    Filesize

                                                    44KB

                                                    MD5

                                                    ed2c2e64f4dea0bd166398a90b6652ce

                                                    SHA1

                                                    e183a0ff6b93d8fbcdb30f99c71b776c13aeeeb8

                                                    SHA256

                                                    fc332dc8c3fbde255d44fe4023bff4e64412db0b9a09a19edf36cf974f49501e

                                                    SHA512

                                                    eda1874d41940f8834b1d26059fbd8d35205f86f2cf8300ff8c800bdc54c11532387495174e31a3b221f11ab9d8a002b0a96b14a9b044f1ff9d27fd0e7677835

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
                                                    Filesize

                                                    264KB

                                                    MD5

                                                    b289d920578f301a6b0a0942d028717a

                                                    SHA1

                                                    6a102c23606fb59a59e36b3a036e7b8b4ba841fd

                                                    SHA256

                                                    28f8df5cfbff8f1a868bf9e7d0cb97e46a3ca2d7c47489ec812cef883af1ba13

                                                    SHA512

                                                    e9fe8202ee434a9e6f44cdc7adc1d939bae604b93cf5bf380d287ddd3697b4fb1eb3eb24283543e106982025957f082b32e60d39a3924e6def768680d66a5b79

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
                                                    Filesize

                                                    4.0MB

                                                    MD5

                                                    746d5bbdec54b6d3f8e13eb96fbe0349

                                                    SHA1

                                                    36818746db3ce5e3737e82e49fe2bd85e88c6481

                                                    SHA256

                                                    3400a2cf06d9a392680dfb49b762bf8edb91690a9e5852b13c0b6c8dea035488

                                                    SHA512

                                                    84a14ba09d1556477e2efa6a3c1cf1db08e72079c59ac4d6d0da16f1a2018fe8cab5ab402005c0044ade540bf207ac7d52f3e7237097ee0312512e3d51b64802

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
                                                    Filesize

                                                    317B

                                                    MD5

                                                    0f24d63e8a2c73e3233ddac7fe7039be

                                                    SHA1

                                                    fda4925acc4d6c513415cf0d7b428b26745c28ea

                                                    SHA256

                                                    928b908bf62cf16ea697ffa3936a902933aa87084c9f4a2a84455c7c8899fc9a

                                                    SHA512

                                                    ae840f6af888def6b30f1f4f6857345e9c6597cd2954ff85d9fb9ab5233a2c0d4fa47ae3658b3f85409f965e23f6f29b9c99ac8a5f4af51e56c191205df21ac2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
                                                    Filesize

                                                    44KB

                                                    MD5

                                                    ebda834a9b5c6afd1a470b136f7ac92a

                                                    SHA1

                                                    0198d2933eb74b16b2c3cc584268d31dd415bb51

                                                    SHA256

                                                    c16e222aa3926be2ccf404980f195cc802444a32efc866263ec56945610a6322

                                                    SHA512

                                                    4f30246165d38205fbcce261da5b72b936ec94c5d1d14b4e0bba49a2c7a8c80590472804ca981eca0be1af6f21e67875596f4f51a5fdb10224e365eaefb58a7d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                                    Filesize

                                                    264KB

                                                    MD5

                                                    1142a422489de900cd6dc05f8d4cb178

                                                    SHA1

                                                    a576d30e9de377d41d5f9f8d78cd4fe683d25cb3

                                                    SHA256

                                                    34c77fd469ab44ca2eea941ee813df9fba44d8435e407e288f36eaeb6edb6850

                                                    SHA512

                                                    e02165ca4fda1c1f47be4ae41b19a9f9fe821e0746d5e0384d055dae7c09bcbced29550f50a96f825ac4ffa83a6bd94aef182ea494ca620d477d0188d00bdef8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
                                                    Filesize

                                                    1.0MB

                                                    MD5

                                                    fe993339a25710ebec86c051941d462c

                                                    SHA1

                                                    1a7a578b7a32bbe2102a789c2321090d406838d1

                                                    SHA256

                                                    59ce81d41051a1d16c02906cd586fcdeabbe7ee30ea7b7b1bb0970b981ffa443

                                                    SHA512

                                                    b81201876efadc61a8fb48718abb16f7f458856f2ee676db8b0da36790492ad930585c14ce200e7a9e079b8115b15e20ed95176cbfdc337b3ab732e5fe72bbd2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
                                                    Filesize

                                                    4.0MB

                                                    MD5

                                                    d6b0609c4b6edb45553ff9afbfc95e33

                                                    SHA1

                                                    2697657b75906d3653f48080ec1f3993c07bd8bf

                                                    SHA256

                                                    eb5cc165f4f69f7a3e72851b1b63e67efa9afb3c96bf8aefc962a5fdbdd6cc2e

                                                    SHA512

                                                    db4c837c9a8a30e65f0f634bcceecff3354d6b72b34536e584fafd02eb103cb4a6b01522d4463d8c54e6852d28a71d9ec8997e2f353e59ea8724aadbbc2a80ca

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                                                    Filesize

                                                    332B

                                                    MD5

                                                    764a3790af4a3be545b2ca4fbef60aed

                                                    SHA1

                                                    763d100b37fbd9bdb39f6c5f9b9b539b5aacc4be

                                                    SHA256

                                                    50dcb97a32fc567b6b5de354e298379e2f866279de2c27b6847d3e7ee14cf55b

                                                    SHA512

                                                    dfb9e26817742f001dd7da65995abd07ee0b9917d4ec2e23b3a8f2b893057237e09a8f949f40ee958891ff1b23cc3f55f419bc3b1ae9e1f4210eb350c8f6bff4

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                    Filesize

                                                    2B

                                                    MD5

                                                    d751713988987e9331980363e24189ce

                                                    SHA1

                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                    SHA256

                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                    SHA512

                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
                                                    Filesize

                                                    333B

                                                    MD5

                                                    70c929c8f523448c374da159e88f15b4

                                                    SHA1

                                                    25c3d5e526416b7362ab0ce1428644b86bf62265

                                                    SHA256

                                                    08a597d1d63dac9aae15aecdab0475737e37b6954ee63742ee105a2c1d863567

                                                    SHA512

                                                    902298d0bae1050cf74dea368a50c59f83ab761293dbda00c5566bf3dc4f707296cad8cdc31958292091dd7d54440936001d26779549756da6547e7a3d1a1abe

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
                                                    Filesize

                                                    289B

                                                    MD5

                                                    541c42f1c98b3e1b011d22eba854e707

                                                    SHA1

                                                    db30188de1f22e3077e7044be1386a5d0ecaed9d

                                                    SHA256

                                                    0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b

                                                    SHA512

                                                    47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
                                                    Filesize

                                                    320B

                                                    MD5

                                                    92fc4d32fa8ceacb29d79f324c38be0b

                                                    SHA1

                                                    871ab2b2c9c50219435593d657f92be913be982d

                                                    SHA256

                                                    2ecd23914bf1562fd1643eae301e261d8874b3772cfca84b196e1ea9291605b1

                                                    SHA512

                                                    f4ad966ac40ef7ec328dd3dc405a25b296315693e206c2a0e60bd78371bd75d45e83320faf7c74abe6a4abca4fe05da032f3ee4f46d8c2547c79e38ebffb0ba2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
                                                    Filesize

                                                    345B

                                                    MD5

                                                    fffd59159b951145e1cfe1b62c5bb536

                                                    SHA1

                                                    9cc357c77c92d5488f7398546de6ebe1b7a53051

                                                    SHA256

                                                    b6a498c65e512ac2659135b51402341bc2b72bf5818238f2ece676bd3814db1d

                                                    SHA512

                                                    a7a7c532a79b348def0325597791f8d360b926b14cbe7173a89fad54073071c3327857a6dbe78c18f8a171d9da040b9d843a6567b9a21f8730745f67113ebcef

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                    Filesize

                                                    321B

                                                    MD5

                                                    cb0f2ba6401999363b98f8534b4a44c4

                                                    SHA1

                                                    27d41bc829746941a79e1f431611fb50405ff99a

                                                    SHA256

                                                    2f6ba391a26f7dee6ce67e96f4f1f1006dfd5e30c284f20de8ca1ea5fe898c61

                                                    SHA512

                                                    a85e4e18fa5438a59bd4c24d94893319e248316bc239876fc4ce7126c1913138893be24cfea6f49bbd11378aaec181f823def841440452b8d1e5c79b7a004c7b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal
                                                    Filesize

                                                    8KB

                                                    MD5

                                                    8f08feb7c00069536e6e806ed9837359

                                                    SHA1

                                                    eedca7cc7695c99d75182dfc451ee20ed45ee43b

                                                    SHA256

                                                    b9fb79259809412d2d1bf4865dbc67de5ef19b988a864f35f22a2195c49d4659

                                                    SHA512

                                                    22685724138ed35e90420dc4f77a015f979e33846882595a693a7f132530f1f51a884bdbae9679f142c7af8c428a6abab19524021219cce327f72bb577c9441f

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f866e157-91fd-4c19-8522-63038c081827.tmp
                                                    Filesize

                                                    1B

                                                    MD5

                                                    5058f1af8388633f609cadb75a75dc9d

                                                    SHA1

                                                    3a52ce780950d4d969792a2559cd519d7ee8c727

                                                    SHA256

                                                    cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                    SHA512

                                                    0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
                                                    Filesize

                                                    18KB

                                                    MD5

                                                    107a411ef33a1faa1069063d24ae3e87

                                                    SHA1

                                                    dd343f6e487d78c2291a469c0d714c87678a7056

                                                    SHA256

                                                    5b065ef9548418656bbf659353a8ea87e55ff10ee1f7e4607e1a240f02e2cc60

                                                    SHA512

                                                    7d30a8b4759f6dc713c3de3fd9ca8b2f2cb113a53216949ec3c685ec894064d6f8f19230a07895099e82b4740ae6156fab79b3cfef9bd3d7356f700d5c751280

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
                                                    Filesize

                                                    320B

                                                    MD5

                                                    99f6f0eb1d965561b8768330ab8989ac

                                                    SHA1

                                                    736259c946cf1b06473c25ccb51fc67ed7923757

                                                    SHA256

                                                    5087eb6d9a9afe76f203efbd111f8d6eb6e9bfc52475f50ecacbb4dfc40098dd

                                                    SHA512

                                                    38a742373b08ec69e28e4170815add2bd9ca5ec20d019ae1aad8709faac361f95d7a2e4324134cc46945e57d099ed0ea168d58f6c23ffac2cba82fd0bb127447

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    d3785656079be3bdcda97c143e8a0e29

                                                    SHA1

                                                    412d11e2b278636b770a5602282d22d7a709a7d9

                                                    SHA256

                                                    1d860942febc7bc042e41eb1e9757a2b785929353d9fb08950ff7bf7b1edebb6

                                                    SHA512

                                                    fb35ca7d5e1f918083abbe7d8926d31a53b601b33af4869715545e77d882dcadcaec5bce7597488f3986264e7e969da8e32cc47c792aef0fc48af18ed6a60aef

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
                                                    Filesize

                                                    338B

                                                    MD5

                                                    2dfc441a42aab10580a661fb874584f9

                                                    SHA1

                                                    4b83347af6e9c1177202c0b6c1fd6f92df162ad0

                                                    SHA256

                                                    2c6c815054220dbb111d3a678d11cf136ad56851743374ce89736e68ae341322

                                                    SHA512

                                                    6e2342d1110aa0e5497d91d32d7c7aa2b1ca3a83bcda20ad383971ff450d8185eade9a9a31e1ef21e59c899f76ea2ef199c232073dd963513afb11e103fb2d92

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
                                                    Filesize

                                                    44KB

                                                    MD5

                                                    812065a4eaf11cc32e469f41ab077c64

                                                    SHA1

                                                    d81d08b63e3a2928b28772bdc23aea3b025a811c

                                                    SHA256

                                                    19bd308b60a0812c0fbec3f25b076a78b4ad9aa436399d0eb7d32818df9ddfcc

                                                    SHA512

                                                    f10b08b93f3490620b25b81efe62061c7ed2d40cf7aa795e4118d47dc88098384c96f30cf09bf1de4c073a60a83a4c9d2e4801c44827091f941fabc78aa1075c

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
                                                    Filesize

                                                    264KB

                                                    MD5

                                                    19c04700200c354f4dbd542902b870a8

                                                    SHA1

                                                    be173d4a37992047c4d99806c52fd58c07a2a5d8

                                                    SHA256

                                                    8495b67e3654c80b65616a82a7e428ce04bfc1c7b3dfaecc0db294e86dc856ab

                                                    SHA512

                                                    909be3206840f65c12aae100c4b3ecd2cf9427cb71a423238afbb99f662806e2da89b44244e52c850b82dd1d0af32838741d32738c75ff680525364c291c59fb

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
                                                    Filesize

                                                    4.0MB

                                                    MD5

                                                    e39f95ae48a87705c07abeae9503e503

                                                    SHA1

                                                    7780349ff35b9620ac9cfbcf777e193c57b12802

                                                    SHA256

                                                    509e3fcd7404238039ff0030133c191fbd2fe48cf8e7295a796b18cc958b2d75

                                                    SHA512

                                                    9e91d63ee8b4812e0c59572cff2b7e88f0f816de5b5a36201ca39c633ef8a019af4f0ec456c545ed4614b82f84e6e16d160337be9fede0b5865a1152d2b7cfeb

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                    Filesize

                                                    14B

                                                    MD5

                                                    ef48733031b712ca7027624fff3ab208

                                                    SHA1

                                                    da4f3812e6afc4b90d2185f4709dfbb6b47714fa

                                                    SHA256

                                                    c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

                                                    SHA512

                                                    ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
                                                    Filesize

                                                    86B

                                                    MD5

                                                    f732dbed9289177d15e236d0f8f2ddd3

                                                    SHA1

                                                    53f822af51b014bc3d4b575865d9c3ef0e4debde

                                                    SHA256

                                                    2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

                                                    SHA512

                                                    b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    34d2c4f40f47672ecdf6f66fea242f4a

                                                    SHA1

                                                    4bcad62542aeb44cae38a907d8b5a8604115ada2

                                                    SHA256

                                                    b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

                                                    SHA512

                                                    50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    8749e21d9d0a17dac32d5aa2027f7a75

                                                    SHA1

                                                    a5d555f8b035c7938a4a864e89218c0402ab7cde

                                                    SHA256

                                                    915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

                                                    SHA512

                                                    c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    1719aa6da462850b23363b8272042595

                                                    SHA1

                                                    ab755fbf510379ac34a9f99641cda01e57eeed02

                                                    SHA256

                                                    91d06166c6b2681b83f22376fa8fc785b7332ab8fc2cb8f4607745c34c5fb6db

                                                    SHA512

                                                    ad1dc083fc0eed9a9deef4fb5c0c103d228e3e5b71f1baa5343ca26ac0ad4cf051ac3e890d0e957bd560502d77945a8f477291a24cfa70f61b574db21fe7840c

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json
                                                    Filesize

                                                    18KB

                                                    MD5

                                                    f956a079907340cc66662e410b9e1ebf

                                                    SHA1

                                                    6a3bcb5efd04ad9eed7f4797587e1f345054403c

                                                    SHA256

                                                    c6debc6792752473df7a17c0de507be1bc46cf808160b72e12cf81676263fdc1

                                                    SHA512

                                                    31545c0779bf6142adfc17cad5ed6a2b17dd6546b87745e251afab96d207effd96c32110ab4e5e6953a37e1321eed932efec4d91bd59293b07c875431d405536

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
                                                    Filesize

                                                    13KB

                                                    MD5

                                                    af6eb406a471a111940f9058d7e7a625

                                                    SHA1

                                                    c817a6d75ac2f431b5d0aada2f47a3326bc4100a

                                                    SHA256

                                                    f9856c7e5be83ede3d9365b6681463d2b236fd65368b2185bfde93ade84118a2

                                                    SHA512

                                                    60b259835e20467b809f17f27332a966c983df7ca89c5fa4b23b78ba8264be62e873151ecf8f258e5b2dd7ffc84d29bb9fffe09951c5aad9b9dbb46fd37db1b7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\1007935001\7e7dc5b408.exe
                                                    Filesize

                                                    4.2MB

                                                    MD5

                                                    a02a1cb540d8658f640dba74a1ada983

                                                    SHA1

                                                    22cc7cd7bd7a3d13e441e2eff21556267fd63108

                                                    SHA256

                                                    6e71349ff091fa402e51aad05f77f65ee2eea8ec824e5b34f5284b7f11eba1f2

                                                    SHA512

                                                    9316ccc13bd532494ff0e34fb21312fc1f3d532c8deac805a9cfbdf0ac590d610a925edce5c24cec027c11a8e8b62499ef79abd56eeea4867a9198033d7adfd1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\1007936001\366de2ed8f.exe
                                                    Filesize

                                                    1.8MB

                                                    MD5

                                                    743ae689f70257d7a4ee703c6d9ba24b

                                                    SHA1

                                                    9e59fbb68179d85c56bc3a4c6e05d612b9a8436a

                                                    SHA256

                                                    35d8eb1936b64a1baadfdf0e8aad44702346acae6b466217ebc09d4cbf2a69e4

                                                    SHA512

                                                    9be7822139345914743ae4a5bc7c04e840592deeac8727a350c6d388a9e724d82f0c1b8ad96be77c2acbfa6065431450f24ca99bc9c50ad2fccd13fe924c0ff7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\1007937001\3de10ad99f.exe
                                                    Filesize

                                                    1.7MB

                                                    MD5

                                                    215acb5ad199adeadc4c630b59f09d17

                                                    SHA1

                                                    76609d0d3867fa6d84da0958b5c1a954e8643f49

                                                    SHA256

                                                    4596bafc0efc36a8f3ec2574dba1e8ae82e5b6051a2b5cce1605057a20855072

                                                    SHA512

                                                    358b95a6dc92baed9822c95f23fb13196f712ab4c92587a0b13feb35649ee09ecf63b01218cdb436542e0893a824c2b09d61cd1670b879d23fd08c2ce247a850

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\1007938001\8a61fa3d4c.exe
                                                    Filesize

                                                    901KB

                                                    MD5

                                                    ec1c70253b8b244e9a71d54d6b7a917c

                                                    SHA1

                                                    2a4e57c4c91e7d050205ce1cd845d5e8b7b3c197

                                                    SHA256

                                                    75c02ef78aac8f7fb0fc0bca6825df1045e57445d6aeb373f4ad010c22922cce

                                                    SHA512

                                                    0b3a8b8b0b89491f00b3bd9e5a5c086783678780c9e422d5b84d0dec11c7b79c8931d75419579472f86aec35a3156a5ea3219ec2371b1a9b5073a03c9bea8416

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\1007939001\7f209a38a0.exe
                                                    Filesize

                                                    2.7MB

                                                    MD5

                                                    832c9676a2a7c2ad3af65ca7c3cde743

                                                    SHA1

                                                    b773918c7b1880094b9da6153d27c9d718032df7

                                                    SHA256

                                                    0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac

                                                    SHA512

                                                    39c64a295bba8e1aab00025bd1f44b6c67e770ed34285667b4243244c90641a71a894159f7c8d9f95d757370907cbfb8f5572350a37963129a06b9f7f436282d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                    Filesize

                                                    479KB

                                                    MD5

                                                    09372174e83dbbf696ee732fd2e875bb

                                                    SHA1

                                                    ba360186ba650a769f9303f48b7200fb5eaccee1

                                                    SHA256

                                                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                    SHA512

                                                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                    Filesize

                                                    13.8MB

                                                    MD5

                                                    0a8747a2ac9ac08ae9508f36c6d75692

                                                    SHA1

                                                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                    SHA256

                                                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                    SHA512

                                                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin
                                                    Filesize

                                                    7KB

                                                    MD5

                                                    390ce3a29e20c9e3464d7fcf5144391c

                                                    SHA1

                                                    9b5aacf946a709c17a4168d2a79692b1f4d7321e

                                                    SHA256

                                                    1944075a0c90e8376f044c9c3f4adc49a949d747a6d0c496c46c2cc24c9528ad

                                                    SHA512

                                                    0bf1682d7cc94f2c2a6546490d69e676b27fb4c60016fef50e11d7220be43cb71bec4b5b6e3f9c93fc6aaa5977f5cbdec04bb0c56a4466efac84ea1175fe8bec

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    00926b863114329e857ebd010bdade61

                                                    SHA1

                                                    623e0c3e9f57cbea76dbb241c3769b4ef2b7d027

                                                    SHA256

                                                    3bb8d95b970fd02b9193540ee34bf534e0dbc055a9202c1f74bce2228d50a0df

                                                    SHA512

                                                    262487913b4e050c1c03c4c365e77b11ec2efaa486bb359b0d8b533d1738d0f3b69da86127f245a5b1376ae87839f5d8eb2fc7e2e94aedf8f5665d85c610d3ae

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin
                                                    Filesize

                                                    13KB

                                                    MD5

                                                    a9ebc6d639dec0bd9cb1940ce72d35b4

                                                    SHA1

                                                    85309649fa091b458cf928ce4d6991fff77ad12b

                                                    SHA256

                                                    c670aa9811d9f8f4c172808a03e2a811a597a2429ca714c0c848e2d4c036fdaf

                                                    SHA512

                                                    b7762784eec69a37bc9fd8bb9f8ee1248dde0b669addc81953acce546cdb2a7682c2076fbc32b77a7bdc156ff8a51179910359cbb66c746b331734410c997d3f

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    5ea6453a0057b523770079af80fdc4f0

                                                    SHA1

                                                    f7d8aa9b7a6416bc2bbc559e26ec0c26f61a5e74

                                                    SHA256

                                                    804d046d040f26bf2f80a4d42d9f24f4aaeb6bb2d87130f226e431e12f5c2e1a

                                                    SHA512

                                                    4b98207eab85495360f70a29972da259ed1e0dd9efe6269f3ad03fb7d70cd784bc2e80cd4c1d25e133103367315383b07865e6b3e35f9da575aeb6ac6534e505

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp
                                                    Filesize

                                                    14KB

                                                    MD5

                                                    a1e83f7dbe9833a89520d620d680cb0f

                                                    SHA1

                                                    b37d537200e968a669add44118f931a0ad16d488

                                                    SHA256

                                                    d906a7c7a9624e2a531acdc1fbfec62cbd402814713354a06e16424d9eaec12b

                                                    SHA512

                                                    dd253a187ad8a5c69a0e5dd9100adce076776dfd9f47998df1548d0ca7dc7b40b0f3d14d864f1dc5988bb2c8eb6694815e3b2fd90610f11f5ff2ef496e4c4e3b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp
                                                    Filesize

                                                    15KB

                                                    MD5

                                                    739e767e4dcc0b8b11c12e5886b21448

                                                    SHA1

                                                    9c1d0a4401714dac9169623a2235ddda6a280e55

                                                    SHA256

                                                    890b668a1fc5f77235182ce4cb8d992c548e7f0b95fa70887ebce8cae2af8c14

                                                    SHA512

                                                    610308fb09efea14a235cea618c5ce4e8f7230566aa1959bbc4d747086f7c1a0d74aac7b16905fa8372a77aa32be40e04f964e76f598ecf947fa9353cd02f07b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    8683d4d55cafe92ac374f8ac5ed67ef7

                                                    SHA1

                                                    378be6fa57a464ea04fc294c5f37b7ebdc799a35

                                                    SHA256

                                                    f0ca14037e81a4f9de2c71cabcd1b907075199f24b2285c1acd54cd325b04a92

                                                    SHA512

                                                    653ffcb6be0777a84067d6dde1d8525a8a7ec1391cd342fd6be08203bb9def241c36e785adbfcc5d8653ad76e75df945cfe87fac4646d3cc679db17ad1e52ae6

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp
                                                    Filesize

                                                    15KB

                                                    MD5

                                                    9fbfd96f2c1b09501fc87185dcfb1153

                                                    SHA1

                                                    a3a713681dfa917569f00c3366a4118c851b5eec

                                                    SHA256

                                                    17ccac0b9dbb986c28018aaa631e07890c42ed27d0385fb6067273dcd847d06a

                                                    SHA512

                                                    60383ec87782ca27090a98ef86644e6a2a0d8cf29b07d4e73aa259e5455f2641b2be783219195ff889977227bfccf3cf04331494f3a11edd36abffd3350b50c6

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\38eca075-6bb7-4c6d-a833-655f76110599
                                                    Filesize

                                                    25KB

                                                    MD5

                                                    102f478695a69d65a4a3b7a3a10fd016

                                                    SHA1

                                                    6f3c82da679538fe56637f8989cfdfc5a0326129

                                                    SHA256

                                                    cdff074fcdc2cfa70999260703b1fc3f8888402cbee86a6e170f3a8a948a6c8c

                                                    SHA512

                                                    bb08e66b946e330af1940fe573011ee753cbf15993a36b06dddf7fc4a9da6076c57aa6f82eafc6034e239d576082de470937d44ec72cce352cd09bc08d055c23

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\7585a670-8f81-4b7d-951d-9d7f8875e217
                                                    Filesize

                                                    671B

                                                    MD5

                                                    1b549d5b90870e893a32bfd2ad6868b0

                                                    SHA1

                                                    6ce432fabe8ab596bcff01b1ceffb1e07d0143eb

                                                    SHA256

                                                    ac6ed2dfeeb261feeed3e643bad039ecb39f7592b70a6b6d0fe51538b026e48a

                                                    SHA512

                                                    a26194c2f8576c59cca0229879b4883e5d42e445d3859f7a8eabe281b58a9008dfb05ad12f3e5093cf00373631c2e9ccb63fc174a286cba26bd20d31ab105088

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\b852f79d-8bc0-49f6-9db7-1cd5de3be655
                                                    Filesize

                                                    982B

                                                    MD5

                                                    464bc9da3b4b1fa73f5556b6cfcead3a

                                                    SHA1

                                                    cd4e40ce9092e81826094ff2abee5b588c1772aa

                                                    SHA256

                                                    59b4c83700aacba777856bea30c98b49648631017d3c2b35e4c7af51aff49fdb

                                                    SHA512

                                                    8a31e46865f98ccde866992c749d30e9a9b1cfb2cc7b0875976ddd0abd980301ba3f72243ddc6b9579acfcdeda8ea5426394a7ac444c981ce7e03d4f7297a26f

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                    Filesize

                                                    1.1MB

                                                    MD5

                                                    842039753bf41fa5e11b3a1383061a87

                                                    SHA1

                                                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                    SHA256

                                                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                    SHA512

                                                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                    Filesize

                                                    116B

                                                    MD5

                                                    2a461e9eb87fd1955cea740a3444ee7a

                                                    SHA1

                                                    b10755914c713f5a4677494dbe8a686ed458c3c5

                                                    SHA256

                                                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                    SHA512

                                                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                    Filesize

                                                    372B

                                                    MD5

                                                    bf957ad58b55f64219ab3f793e374316

                                                    SHA1

                                                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                    SHA256

                                                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                    SHA512

                                                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                    Filesize

                                                    17.8MB

                                                    MD5

                                                    daf7ef3acccab478aaa7d6dc1c60f865

                                                    SHA1

                                                    f8246162b97ce4a945feced27b6ea114366ff2ad

                                                    SHA256

                                                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                    SHA512

                                                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    59e796d478f5885bc67571001bfcb6ec

                                                    SHA1

                                                    4a5d3a1aa1ea0e1be1109a2f895cd720c60777cb

                                                    SHA256

                                                    7df4aafcb398ce85082a853c0426b48c5cee4e636f3fc02e860d939766ca9b85

                                                    SHA512

                                                    219c503dc5499284fd01f9c465541530694f214ed8c684edbc5b1f1a2d66fe98be7dc3c94636d5d3b46b8916abad654dc3efc0b3fcb9792ed88c793c8be24da7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js
                                                    Filesize

                                                    11KB

                                                    MD5

                                                    33aec947951bad2b0b95d577f26d38e3

                                                    SHA1

                                                    cee08e370f438b5c70da46f79dfcc167cd699a20

                                                    SHA256

                                                    2f684aeb3a4e36b24f5bfc2ccaf7269c26847f3bb6b0e9dbeb32488aa2fd8665

                                                    SHA512

                                                    3d71b42054e315b96a9f696c7277edf128caabf161fed71442d7ed85a3de3c64d1d569ad3296def02ab69a5d1e78ff01c731a29cc6b8ec6c3399b60a16d98fb9

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js
                                                    Filesize

                                                    15KB

                                                    MD5

                                                    1715bd90ab6e04872b93046f0534b543

                                                    SHA1

                                                    469f90e49c7938a6daa591e41b4601e044a37480

                                                    SHA256

                                                    0e0990ca9f915dd0b72429b0304a117f9a5afcc851a87a6451207f73e96ce648

                                                    SHA512

                                                    f8a3ef3f2e10ec52d27b2b8347edc7fe66ee1bdde0856df41b5f27d7842b05f1fc9df23ee236410365667a8061e6d5e265aa4637e4cbb4bdf6a5c4e9e15a4803

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    44cf3a0d6d46b41e52cff3bab5a3f33c

                                                    SHA1

                                                    47934094f234ab2bebd4182edb7f1f8af37c440e

                                                    SHA256

                                                    ecd3217973adc3a51ca0ccd2507fc981434cdb5d2c4a6e00a34a968a6f1e4072

                                                    SHA512

                                                    a9f1d1b8247bd55a78492c94d1d8a734d3468b6cde5c06f0a985edd5aaa8cade9e5bbf63d7f98390d05e5a85159e562315600a60db1bacd6b2e1945595e173ed

                                                    Download Submit

                                                  • C:\Users\Admin\DocumentsHIDAFHDHCB.exe
                                                    Filesize

                                                    1.8MB

                                                    MD5

                                                    ea7705c2143e7c21967211c16fceb549

                                                    SHA1

                                                    5ed0a996617121fe8c267bcb2b7e7adcbf8cf1be

                                                    SHA256

                                                    f177f34b07fa2237adfda7ce8aa42889e1529bf25abe1f7df58613c8c5197a34

                                                    SHA512

                                                    202a3862bf26a9e3b839c38a30b62473bc4190b010fe54520ffb4ea10a2a0fbb424efa08df14c6df88bfb0669d48cb22e358bca374bbb1391055521d18bc875c

                                                    Download Submit

                                                  • memory/440-142-0x0000000000650000-0x0000000000B08000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/440-157-0x0000000000650000-0x0000000000B08000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/456-207-0x00000000008F0000-0x0000000000F72000-memory.dmp

                                                    Filesize

                                                    6.5MB

                                                    Download

                                                  • memory/456-211-0x00000000008F0000-0x0000000000F72000-memory.dmp

                                                    Filesize

                                                    6.5MB

                                                    Download

                                                  • memory/1432-2986-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/1752-1457-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/1752-1483-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/1800-4-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                    Filesize

                                                    972KB

                                                    Download

                                                  • memory/1800-144-0x0000000000340000-0x00000000009D5000-memory.dmp

                                                    Filesize

                                                    6.6MB

                                                    Download

                                                  • memory/1800-106-0x0000000000340000-0x00000000009D5000-memory.dmp

                                                    Filesize

                                                    6.6MB

                                                    Download

                                                  • memory/1800-3-0x0000000000340000-0x00000000009D5000-memory.dmp

                                                    Filesize

                                                    6.6MB

                                                    Download

                                                  • memory/1800-2-0x0000000000341000-0x0000000000358000-memory.dmp

                                                    Filesize

                                                    92KB

                                                    Download

                                                  • memory/1800-1-0x0000000077B34000-0x0000000077B36000-memory.dmp

                                                    Filesize

                                                    8KB

                                                    Download

                                                  • memory/1800-0-0x0000000000340000-0x00000000009D5000-memory.dmp

                                                    Filesize

                                                    6.6MB

                                                    Download

                                                  • memory/1800-51-0x0000000000340000-0x00000000009D5000-memory.dmp

                                                    Filesize

                                                    6.6MB

                                                    Download

                                                  • memory/1800-47-0x0000000000340000-0x00000000009D5000-memory.dmp

                                                    Filesize

                                                    6.6MB

                                                    Download

                                                  • memory/3244-2973-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-618-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-221-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-864-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-1540-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-645-0x0000000069CC0000-0x000000006A71B000-memory.dmp

                                                    Filesize

                                                    10.4MB

                                                    Download

                                                  • memory/3244-2301-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-212-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-174-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-2961-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3244-643-0x0000000000EC0000-0x0000000001B18000-memory.dmp

                                                    Filesize

                                                    12.3MB

                                                    Download

                                                  • memory/3512-192-0x0000000000D70000-0x0000000001208000-memory.dmp

                                                    Filesize

                                                    4.6MB

                                                    Download

                                                  • memory/3512-210-0x0000000000D70000-0x0000000001208000-memory.dmp

                                                    Filesize

                                                    4.6MB

                                                    Download

                                                  • memory/4288-2987-0x00000000007E0000-0x00000000007F2000-memory.dmp

                                                    Filesize

                                                    72KB

                                                    Download

                                                  • memory/4356-232-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-2980-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-175-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-176-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-653-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-2988-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-932-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-1750-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-2983-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-2516-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-631-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-2965-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-158-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4356-2975-0x00000000003A0000-0x0000000000858000-memory.dmp

                                                    Filesize

                                                    4.7MB

                                                    Download

                                                  • memory/4648-2978-0x00000000007E0000-0x00000000007F2000-memory.dmp

                                                    Filesize

                                                    72KB

                                                    Download

                                                  • memory/4648-2979-0x00000000734E0000-0x0000000073614000-memory.dmp

                                                    Filesize

                                                    1.2MB

                                                    Download

                                                  • memory/4928-633-0x0000000000E30000-0x00000000010EC000-memory.dmp

                                                    Filesize

                                                    2.7MB

                                                    Download

                                                  • memory/4928-464-0x0000000000E30000-0x00000000010EC000-memory.dmp

                                                    Filesize

                                                    2.7MB

                                                    Download

                                                  • memory/4928-642-0x0000000000E30000-0x00000000010EC000-memory.dmp

                                                    Filesize

                                                    2.7MB

                                                    Download

                                                  • memory/4928-463-0x0000000000E30000-0x00000000010EC000-memory.dmp

                                                    Filesize

                                                    2.7MB

                                                    Download

                                                  • memory/4928-258-0x0000000000E30000-0x00000000010EC000-memory.dmp

                                                    Filesize

                                                    2.7MB

                                                    Download