Overview

overview

10

Static

static

3

7bb2d81894...2c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2024 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bb2d81894bdb4fffe823961b4261953372c643c8d0854feef5b69e750c2682c.exe

  • Size

    7.1MB

  • MD5

    28057fa131595001fc9b4bd20a09439a

  • SHA1

    b14ae7fc6caa7c9335f7df8369fac28f49486f40

  • SHA256

    7bb2d81894bdb4fffe823961b4261953372c643c8d0854feef5b69e750c2682c

  • SHA512

    e5cb8cd14a4c6c6700e05b35dd3e26525c650a90b8532ba6b507cd7b89f5ff3bbf201920ed85ef25c57c794c6a4efc4be99df09b28badc92ba9646ae155c5ff9

  • SSDEEP

    196608:cR4u+YAxtABn7WKP2Kkm+9+eERbEJE6K2TUC:cmrxtXa4m+weEJEJ1UC

Score
10/10
amadeylummastealcxenoratxworm9c9aa5marscredential_accessdiscoveryevasionexecutionpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://property-imper.sbs

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

xenorat

C2

beastsband.com

Mutex

x3n0

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    4444

  • startup_name

    nothingset

Extracted

Family

xworm

Version

5.0

C2

backto54.duckdns.org:8989

helldog24.duckdns.org:8989
Mutex

7Fvn9wsSHJeXUB5q

Attributes
  • install_file

    USB.exe

aes.plain

Extracted

Family

lumma

C2

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detect XenoRat Payload 2 IoCs
  • Detect Xworm Payload 1 IoCs
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 11 IoCs
    evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • Xenorat family
    xenorat
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 13 IoCs
    evasion
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 11 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 26 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 20 IoCs
  • Identifies Wine through registry keys 2 TTPs 13 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 13 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 15 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bb2d81894bdb4fffe823961b4261953372c643c8d0854feef5b69e750c2682c.exe
    "C:\Users\Admin\AppData\Local\Temp\7bb2d81894bdb4fffe823961b4261953372c643c8d0854feef5b69e750c2682c.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\n4u35.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\n4u35.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1184
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\L3L04.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\L3L04.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1492
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1l73R9.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1l73R9.exe
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:3900
          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
            "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Checks computer location settings
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Adds Run key to start application
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3100
            • C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe
              "C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3440
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                7⤵
                • Uses browser remote debugging
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of WriteProcessMemory
                PID:2184
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x7ffcbc6dcc40,0x7ffcbc6dcc4c,0x7ffcbc6dcc58
                  8⤵
                    PID:3608
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
                    8⤵
                      PID:3840
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
                      8⤵
                        PID:2252
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2448 /prefetch:8
                        8⤵
                          PID:2168
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:3600
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:4516
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4260,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:3080
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3632 /prefetch:8
                          8⤵
                            PID:5144
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,8832095101494491444,13643200984320348492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
                            8⤵
                              PID:2920
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                            7⤵
                            • Uses browser remote debugging
                            • Enumerates system info in registry
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of FindShellTrayWindow
                            PID:6704
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffccaae46f8,0x7ffccaae4708,0x7ffccaae4718
                              8⤵
                              • Checks processor information in registry
                              • Enumerates system info in registry
                              • Suspicious behavior: EnumeratesProcesses
                              PID:6728
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
                              8⤵
                                PID:684
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
                                8⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5292
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
                                8⤵
                                  PID:5392
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2596 /prefetch:2
                                  8⤵
                                    PID:6104
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
                                    8⤵
                                      PID:5592
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2324 /prefetch:2
                                      8⤵
                                        PID:5252
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                                        8⤵
                                        • Uses browser remote debugging
                                        PID:5304
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                                        8⤵
                                        • Uses browser remote debugging
                                        PID:5428
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3040 /prefetch:2
                                        8⤵
                                          PID:5792
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3064 /prefetch:2
                                          8⤵
                                            PID:7120
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3536 /prefetch:2
                                            8⤵
                                              PID:1240
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4052 /prefetch:2
                                              8⤵
                                                PID:216
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17051505998903296610,3679008317015167603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3608 /prefetch:2
                                                8⤵
                                                  PID:6184
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe" & rd /s /q "C:\ProgramData\CAAAAFBKFIEC" & exit
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:5904
                                                • C:\Windows\SysWOW64\timeout.exe
                                                  timeout /t 10
                                                  8⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Delays execution with timeout.exe
                                                  PID:4296
                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1009351041\PeRVAzl.ps1"
                                              6⤵
                                              • Suspicious use of SetThreadContext
                                              • Command and Scripting Interpreter: PowerShell
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2232
                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of SetWindowsHookEx
                                                PID:1420
                                            • C:\Users\Admin\AppData\Local\Temp\1009409001\UqhRb9F.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1009409001\UqhRb9F.exe"
                                              6⤵
                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Identifies Wine through registry keys
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of SetWindowsHookEx
                                              PID:5168
                                            • C:\Users\Admin\AppData\Local\Temp\1009417001\6e70526652.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1009417001\6e70526652.exe"
                                              6⤵
                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Identifies Wine through registry keys
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:5432
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 1652
                                                7⤵
                                                • Program crash
                                                PID:5176
                                            • C:\Users\Admin\AppData\Local\Temp\1009418001\896fb635ea.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1009418001\896fb635ea.exe"
                                              6⤵
                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Identifies Wine through registry keys
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:6240
                                            • C:\Users\Admin\AppData\Local\Temp\1009419001\02f1247217.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1009419001\02f1247217.exe"
                                              6⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:6492
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM firefox.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:6556
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM chrome.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:6700
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM msedge.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:6896
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM opera.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:7144
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM brave.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:5604
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                7⤵
                                                  PID:3188
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                    8⤵
                                                    • Checks processor information in registry
                                                    • Modifies registry class
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4024
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2060 -parentBuildID 20240401114208 -prefsHandle 1988 -prefMapHandle 1980 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5103b591-476b-44ec-a93d-97e5f5eb6a40} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" gpu
                                                      9⤵
                                                        PID:4260
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2492 -parentBuildID 20240401114208 -prefsHandle 2468 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f46fcf8-caeb-4a38-b5b9-4d86707250ba} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" socket
                                                        9⤵
                                                          PID:4192
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2872 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3216 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33deca99-f95d-495e-99dc-9847352c7bbd} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
                                                          9⤵
                                                            PID:3088
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3480 -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3788 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfb797f7-eb40-41c3-8aa1-3f50ab9ebb6e} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
                                                            9⤵
                                                              PID:2712
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4452 -prefMapHandle 4516 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2d56c5e-0bc3-4916-b11a-73b5761d00b2} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" utility
                                                              9⤵
                                                              • Checks processor information in registry
                                                              PID:4524
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5564 -prefMapHandle 5568 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd7c339-f0a4-4bcd-a0f7-27692e2a22b3} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
                                                              9⤵
                                                                PID:6696
                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {179c97d0-5513-49f1-aa40-bb81e98626a5} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
                                                                9⤵
                                                                  PID:1156
                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5884 -prefMapHandle 5888 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {957fbf33-8784-4692-9332-ac5991cebc0e} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" tab
                                                                  9⤵
                                                                    PID:7076
                                                            • C:\Users\Admin\AppData\Local\Temp\1009420001\567fd8d08c.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\1009420001\567fd8d08c.exe"
                                                              6⤵
                                                              • Modifies Windows Defender Real-time Protection settings
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Windows security modification
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:1184
                                                            • C:\Users\Admin\AppData\Local\Temp\1009423001\96a275d63f.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\1009423001\96a275d63f.exe"
                                                              6⤵
                                                              • Enumerates VirtualBox registry keys
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Checks computer location settings
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Checks processor information in registry
                                                              PID:5480
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                                                                7⤵
                                                                • Uses browser remote debugging
                                                                • Enumerates system info in registry
                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:6492
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcb940cc40,0x7ffcb940cc4c,0x7ffcb940cc58
                                                                  8⤵
                                                                    PID:4008
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,1389279971012233758,9090534738186225769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2064 /prefetch:2
                                                                    8⤵
                                                                      PID:6852
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,1389279971012233758,9090534738186225769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
                                                                      8⤵
                                                                        PID:7072
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,1389279971012233758,9090534738186225769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
                                                                        8⤵
                                                                          PID:7052
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,1389279971012233758,9090534738186225769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
                                                                          8⤵
                                                                          • Uses browser remote debugging
                                                                          PID:6912
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,1389279971012233758,9090534738186225769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
                                                                          8⤵
                                                                          • Uses browser remote debugging
                                                                          PID:6184
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4332,i,1389279971012233758,9090534738186225769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
                                                                          8⤵
                                                                          • Uses browser remote debugging
                                                                          PID:5888
                                                                      • C:\Users\Admin\AppData\Local\Temp\service123.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\service123.exe"
                                                                        7⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:1400
                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                        "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\Admin\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                                                                        7⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Scheduled Task/Job: Scheduled Task
                                                                        PID:6540
                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 1936
                                                                        7⤵
                                                                        • Program crash
                                                                        PID:6496
                                                                    • C:\Users\Admin\AppData\Local\Temp\1009425001\333.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\1009425001\333.exe"
                                                                      6⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:3216
                                                                • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2z5928.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2z5928.exe
                                                                  4⤵
                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                  • Checks BIOS information in registry
                                                                  • Executes dropped EXE
                                                                  • Identifies Wine through registry keys
                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1832
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 1652
                                                                    5⤵
                                                                    • Program crash
                                                                    PID:4112
                                                              • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3d22v.exe
                                                                C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3d22v.exe
                                                                3⤵
                                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                • Checks BIOS information in registry
                                                                • Executes dropped EXE
                                                                • Identifies Wine through registry keys
                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:428
                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4L783r.exe
                                                              C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4L783r.exe
                                                              2⤵
                                                              • Modifies Windows Defender Real-time Protection settings
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Windows security modification
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:4076
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1832 -ip 1832
                                                            1⤵
                                                              PID:1264
                                                            • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                              C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                              1⤵
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:2352
                                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                              1⤵
                                                                PID:384
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                1⤵
                                                                  PID:5864
                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5432 -ip 5432
                                                                  1⤵
                                                                    PID:6060
                                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                    1⤵
                                                                      PID:4392
                                                                    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                      1⤵
                                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                      • Checks BIOS information in registry
                                                                      • Executes dropped EXE
                                                                      • Identifies Wine through registry keys
                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                      PID:1556
                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5480 -ip 5480
                                                                      1⤵
                                                                        PID:5200
                                                                      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        PID:3976
                                                                      • C:\Users\Admin\AppData\Local\Temp\service123.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\/service123.exe
                                                                        1⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        PID:1684

                                                                      Network

                                                                      MITRE ATT&CK Enterprise v15

                                                                      Reconnaissance

                                                                      Resource Development

                                                                      Initial Access

                                                                      Execution

                                                                      Command and Scripting Interpreter

                                                                      1
                                                                      T1059

                                                                      PowerShell

                                                                      1
                                                                      T1059.001

                                                                      Scheduled Task/Job

                                                                      1
                                                                      T1053

                                                                      Scheduled Task

                                                                      1
                                                                      T1053.005

                                                                      Persistence

                                                                      Boot or Logon Autostart Execution

                                                                      1
                                                                      T1547

                                                                      Registry Run Keys / Startup Folder

                                                                      1
                                                                      T1547.001

                                                                      Create or Modify System Process

                                                                      1
                                                                      T1543

                                                                      Windows Service

                                                                      1
                                                                      T1543.003

                                                                      Modify Authentication Process

                                                                      1
                                                                      T1556

                                                                      Scheduled Task/Job

                                                                      1
                                                                      T1053

                                                                      Scheduled Task

                                                                      1
                                                                      T1053.005

                                                                      Privilege Escalation

                                                                      Boot or Logon Autostart Execution

                                                                      1
                                                                      T1547

                                                                      Registry Run Keys / Startup Folder

                                                                      1
                                                                      T1547.001

                                                                      Create or Modify System Process

                                                                      1
                                                                      T1543

                                                                      Windows Service

                                                                      1
                                                                      T1543.003

                                                                      Scheduled Task/Job

                                                                      1
                                                                      T1053

                                                                      Scheduled Task

                                                                      1
                                                                      T1053.005

                                                                      Defense Evasion

                                                                      Impair Defenses

                                                                      2
                                                                      T1562

                                                                      Disable or Modify Tools

                                                                      2
                                                                      T1562.001

                                                                      Modify Authentication Process

                                                                      1
                                                                      T1556

                                                                      Modify Registry

                                                                      3
                                                                      T1112

                                                                      Virtualization/Sandbox Evasion

                                                                      3
                                                                      T1497

                                                                      Credential Access

                                                                      Credentials from Password Stores

                                                                      1
                                                                      T1555

                                                                      Credentials from Web Browsers

                                                                      1
                                                                      T1555.003

                                                                      Modify Authentication Process

                                                                      1
                                                                      T1556

                                                                      Steal Web Session Cookie

                                                                      1
                                                                      T1539

                                                                      Unsecured Credentials

                                                                      4
                                                                      T1552

                                                                      Credentials In Files

                                                                      4
                                                                      T1552.001

                                                                      Discovery

                                                                      Browser Information Discovery

                                                                      1
                                                                      T1217

                                                                      Query Registry

                                                                      9
                                                                      T1012

                                                                      System Information Discovery

                                                                      5
                                                                      T1082

                                                                      System Location Discovery

                                                                      1
                                                                      T1614

                                                                      System Language Discovery

                                                                      1
                                                                      T1614.001

                                                                      Virtualization/Sandbox Evasion

                                                                      3
                                                                      T1497

                                                                      Lateral Movement

                                                                      Collection

                                                                      Data from Local System

                                                                      3
                                                                      T1005

                                                                      Command and Control

                                                                      Exfiltration

                                                                      Impact

                                                                      Replay Monitor

                                                                      Loading Replay Monitor...

                                                                      Downloads

                                                                      • C:\ProgramData\CAAAAFBKFIEC\DGCBKE
                                                                        Filesize

                                                                        124KB

                                                                        MD5

                                                                        9618e15b04a4ddb39ed6c496575f6f95

                                                                        SHA1

                                                                        1c28f8750e5555776b3c80b187c5d15a443a7412

                                                                        SHA256

                                                                        a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

                                                                        SHA512

                                                                        f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        40B

                                                                        MD5

                                                                        53f896e6ec3a1c85c0d9124da3b7380e

                                                                        SHA1

                                                                        f4b222bb0b3fda0f2ab34768d1d086bc6533575e

                                                                        SHA256

                                                                        17445b99fe65252ca0a67cde3f5d2b1feb0224d39f52d1641ae0bb8dd0282453

                                                                        SHA512

                                                                        512cd2d07e1e7ebe78ddf8f5c5a682a30a0a9a1f55099a466ddd54c351295a92f4ac4946ebf4218d6353a3148ac38a2dbc07c9f96e12042868acce13c9edb1c3

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4046a49b-bef2-4b52-b658-8aec4f52a04b.tmp
                                                                        Filesize

                                                                        1B

                                                                        MD5

                                                                        5058f1af8388633f609cadb75a75dc9d

                                                                        SHA1

                                                                        3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                        SHA256

                                                                        cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                        SHA512

                                                                        0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                        Filesize

                                                                        649B

                                                                        MD5

                                                                        e8e1b7fba0b71d9b35feaacc8371cca4

                                                                        SHA1

                                                                        ad82c9ed3fc6592c507ba32e4a853a77c333c491

                                                                        SHA256

                                                                        741d2eae44c71f9b8dd46e2cca3521a662789f0f54a5135823aecb16ab13c94d

                                                                        SHA512

                                                                        8b9fd85a9d9824f090010ffe091fb5814e78467396d930c19dfac498bf0a36f287399b0eeeba17d9433ba8bd257b201489fa44d14f80b0f1fdfd54b5fe2ba220

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
                                                                        Filesize

                                                                        44KB

                                                                        MD5

                                                                        1832915038d665433dbf20c4df44e6f6

                                                                        SHA1

                                                                        4f494a53131eee760312065608a2442c377db3f2

                                                                        SHA256

                                                                        897f8d6405efd9cc58e1cf833b015b66baf1a7cf39bd8a688401b77e62598617

                                                                        SHA512

                                                                        630d451567929d6cc34ffec116908741fe450432157b9afaba5fe5d03756460171e748bbd611692eef4969436b850e9aa0e28c0a4c1ab1aeda77492a435873ea

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
                                                                        Filesize

                                                                        264KB

                                                                        MD5

                                                                        89ce3aa012a9fcd8d287633a4e087a4b

                                                                        SHA1

                                                                        0c719f8e5cf883d99bd700119f000fed64ee3063

                                                                        SHA256

                                                                        b056d25943531ffb41261664dd468baa2e14fb677efaaa89449d24faa64254fd

                                                                        SHA512

                                                                        83a65767f94ab04a94bfbaa6a13e1584bfaea3de43b906ab75261ba057ae79397464179c7093f946874899d4062bab8c6e485aa4dcdacae34cc9bf08fd1c5a32

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
                                                                        Filesize

                                                                        4.0MB

                                                                        MD5

                                                                        c9549c93a510125b112da6734d4d1a2c

                                                                        SHA1

                                                                        0599236b3d30d074cb37c4b24a9e5a91e8a3cfe1

                                                                        SHA256

                                                                        b71b247ae6798974f484d91df18f4b9622901c3ae2ba78aca126d4c3d4a2bcb7

                                                                        SHA512

                                                                        4d461d13dda2de07b1d7114120474a90881047bea397efcab878d90d4c68ef4d226a730a1f4df1b2a9c6a5cee647f0d05609cc3aa09f911c31af121a42d54ebe

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
                                                                        Filesize

                                                                        44KB

                                                                        MD5

                                                                        35353361aa3953ed45886fe5d07184bc

                                                                        SHA1

                                                                        361c5dd26e1c3190aeb80a9089122c8e7b7b329f

                                                                        SHA256

                                                                        626f8af4bca07efdceab87cdaa31016c6d7689e1ce9d333f73c77da07e109ea3

                                                                        SHA512

                                                                        41c6362f8e5944761ed6618009d9502fcda2bfaf0e9f7af2f3dbbaba847a1e4241979d0831e683207d0586ae2908652a3da9f48e18d1586075d0d15ddea87a80

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                                                        Filesize

                                                                        264KB

                                                                        MD5

                                                                        fc696cd7124409b98575161e42e5fc1d

                                                                        SHA1

                                                                        355df83456718af26ad4dbc8031e1982d36e4663

                                                                        SHA256

                                                                        810d5d8950ada9c1429da79134b91f534ad75a22fa6c0bc7fcb52094a8881007

                                                                        SHA512

                                                                        a9bc0623ce68b13868551b057163ba7e03bcee845a7ab7014cdafc469c49f0eee9d5751d3f534b80dba3533ac76683e71b214d2dcda716eb2d55c3848a584bfa

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
                                                                        Filesize

                                                                        1.0MB

                                                                        MD5

                                                                        5697af728f70184de539814f0b973859

                                                                        SHA1

                                                                        ed3d0e2ab84824a051793c8446aade1469b72a15

                                                                        SHA256

                                                                        16358bc246e115778df2e7b13dd09c02dc05e80cb6939b79e91f99fc51a4dad0

                                                                        SHA512

                                                                        7c4fcae0a369075d9648d0e2519168a7e265187be2b29cfc834502afec9ed67e77f63d1de1c0638784a29875480b15cc0f0a35809764fadbe981d1a0eab7772d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
                                                                        Filesize

                                                                        4.0MB

                                                                        MD5

                                                                        d6b0609c4b6edb45553ff9afbfc95e33

                                                                        SHA1

                                                                        2697657b75906d3653f48080ec1f3993c07bd8bf

                                                                        SHA256

                                                                        eb5cc165f4f69f7a3e72851b1b63e67efa9afb3c96bf8aefc962a5fdbdd6cc2e

                                                                        SHA512

                                                                        db4c837c9a8a30e65f0f634bcceecff3354d6b72b34536e584fafd02eb103cb4a6b01522d4463d8c54e6852d28a71d9ec8997e2f353e59ea8724aadbbc2a80ca

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                                                                        Filesize

                                                                        332B

                                                                        MD5

                                                                        a5083fc42c6ffb321bf7ea1106294fe1

                                                                        SHA1

                                                                        8b4cefee34e0230ffdd2ca2116a7673fd6f64605

                                                                        SHA256

                                                                        c03f2bb275115028cb1e46b723678c11002948e8e409b810ecf5bb6f0d8b9f3b

                                                                        SHA512

                                                                        14ace14b109781b83494489da7e243fb2b3bf19e6bfe5de2b22a8f9da3d809b29b74519a82dc5e210bc8190df0aa0eae641937a73f5c1ffcdf8c42016f09fccb

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                        Filesize

                                                                        2B

                                                                        MD5

                                                                        d751713988987e9331980363e24189ce

                                                                        SHA1

                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                        SHA256

                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                        SHA512

                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
                                                                        Filesize

                                                                        336B

                                                                        MD5

                                                                        d5198a45fe4c771d3a6fb8b7447ddfde

                                                                        SHA1

                                                                        ed9da9aff55c6ccdbfe4b630de7cd928e521739b

                                                                        SHA256

                                                                        f3817a4a0ece25463ee00583f3e3c4f4f0fcb997f5465176df0befd376846fba

                                                                        SHA512

                                                                        7e40c44920abd4db3b8eed8c1be644c9d8a6e3cc7595f147d51443da35eaed41f56935d79e6b10dac9222c29c41e4de287eac71bd3442b0444d531025078aa4e

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
                                                                        Filesize

                                                                        345B

                                                                        MD5

                                                                        a6257200c047bc752abcc1f31532fd9e

                                                                        SHA1

                                                                        61b087cf00b63277fe4747a2e76613d07a2a589d

                                                                        SHA256

                                                                        3182f7489745e12a655444f8fc88b0ee12a7f4df84c0906e18aa8181c563e081

                                                                        SHA512

                                                                        198fe8c8e48fe197ad3b5a21f4748c6940056deff9c9b64bbcdc3a906ea51b1edead415e0ae43d0c3837c88a3c506012f67745565c942cb193d9bc222899ac64

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                                        Filesize

                                                                        324B

                                                                        MD5

                                                                        202c19dacada08f4340f9409e888f873

                                                                        SHA1

                                                                        89fb396621a913f0bddf8ba3fb4957df18331e96

                                                                        SHA256

                                                                        cf1d61b717e3e02e6db8d1b4a44dd06eb58b72e7d152fabae5cad525f84a5197

                                                                        SHA512

                                                                        35042b50fe74629b54ddb67c00edbc139ac1f1e75eb00e2a07d7028c25c83220e7b3afeec5b25bf60495c901489a86289b2fc7c5ae8f66234348c4e2b8d4cbc3

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                                        Filesize

                                                                        14B

                                                                        MD5

                                                                        ef48733031b712ca7027624fff3ab208

                                                                        SHA1

                                                                        da4f3812e6afc4b90d2185f4709dfbb6b47714fa

                                                                        SHA256

                                                                        c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

                                                                        SHA512

                                                                        ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
                                                                        Filesize

                                                                        86B

                                                                        MD5

                                                                        961e3604f228b0d10541ebf921500c86

                                                                        SHA1

                                                                        6e00570d9f78d9cfebe67d4da5efe546543949a7

                                                                        SHA256

                                                                        f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

                                                                        SHA512

                                                                        535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        61cef8e38cd95bf003f5fdd1dc37dae1

                                                                        SHA1

                                                                        11f2f79ecb349344c143eea9a0fed41891a3467f

                                                                        SHA256

                                                                        ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                                                        SHA512

                                                                        6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        0a9dc42e4013fc47438e96d24beb8eff

                                                                        SHA1

                                                                        806ab26d7eae031a58484188a7eb1adab06457fc

                                                                        SHA256

                                                                        58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                                                        SHA512

                                                                        868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        889df83863f929e0251efe11adcd6e33

                                                                        SHA1

                                                                        0ce83f827ae3952f1d154e1080208d669d3e3fc4

                                                                        SHA256

                                                                        d57598298105183dfb6424270cdbad9a7ef650010576dbc61ba1f93aeba99f45

                                                                        SHA512

                                                                        5db6f7570d84e2fb1468b35049d20579aa1f6b12a5a84a3480c0b6236ec68f60738a456cbde4e909428b164cf829840588b0e5405692a617cf10fd874abc4bd7

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                        Filesize

                                                                        264KB

                                                                        MD5

                                                                        f50f89a0a91564d0b8a211f8921aa7de

                                                                        SHA1

                                                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                        SHA256

                                                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                        SHA512

                                                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json
                                                                        Filesize

                                                                        25KB

                                                                        MD5

                                                                        547135f061b1cc1017a4531c6320dd20

                                                                        SHA1

                                                                        799fa9e58f64b9af93644119a95d056da6754208

                                                                        SHA256

                                                                        9f61163d74492274493e6b4e7432e09f75d339014291220567a8c309bb130d6f

                                                                        SHA512

                                                                        51085e0772de7286df1a1a93995b1dfb25bd72c86cac0880837495b49b9b6084a7f4b21827608d46f03d9c298d216b66ed0222befbff72c07045675dd322d9b2

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
                                                                        Filesize

                                                                        13KB

                                                                        MD5

                                                                        cac4610a7fd9ab39c06d5d5842623a6e

                                                                        SHA1

                                                                        37f3b9db35558fbd5835b66530d0932ebdc9e182

                                                                        SHA256

                                                                        f8a607bd442763e0dd01b53d4dd018143f9cdde4cc7f585950e7380fffafd5a0

                                                                        SHA512

                                                                        813fe5d295e2efcc12a76a3b9f925040577c75fec616c19cb52459f31e1030d5ce1fb6bccf5b7d2d07dc0a17aee054c77e9e4c9498b69e75c5479d7b4a516241

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
                                                                        Filesize

                                                                        9KB

                                                                        MD5

                                                                        5718339ec46deea841c578a424700042

                                                                        SHA1

                                                                        0ccddca3a138559062954a0b3199aa75ca4d93de

                                                                        SHA256

                                                                        85601a94d7f207d7682eb137625162d1c27ecd6d22c0474dc90e0c7efe897669

                                                                        SHA512

                                                                        36b34642b88038fed3c56b5384a4301cade9c929ed389d5cac814d4e6e79067ea490be3942b8836d87ae19f1a9628fa9339c38ed3496ebbd01966848c2256423

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe
                                                                        Filesize

                                                                        409KB

                                                                        MD5

                                                                        4ea576c1e8f58201fd4219a86665eaa9

                                                                        SHA1

                                                                        efaf3759b04ee0216254cf07095d52b110c7361f

                                                                        SHA256

                                                                        d94206d9509cc47cae22c94d32658b31cf65c37b1b15ce035ffaa5ce5872ad2f

                                                                        SHA512

                                                                        0c7462bc590d06f0ead37246f189d4d56e1d62ff73f67bf7e2ce9c653d8c56812a5f1306fb504168f7e33b87485c3465ea921a36f1ba5b458d7763e45c649494

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1009351041\PeRVAzl.ps1
                                                                        Filesize

                                                                        3.0MB

                                                                        MD5

                                                                        2b918bf4566595e88a664111ce48b161

                                                                        SHA1

                                                                        e32fbdf64bb71dc870bfad9bbd571f11c6a723f4

                                                                        SHA256

                                                                        48492827286d403668996ae3814b2216b3b616f2fb4af2022bf3d2fc3f979a26

                                                                        SHA512

                                                                        e3d58adbe13befe91fb950cc52b16d6d2fcb8f6d65bab4020222713207b07ce78b76e2e2532cf3de23149e934ba1e1cb9046a95a18424a668bfa4a355af6f44a

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1009409001\UqhRb9F.exe
                                                                        Filesize

                                                                        1.7MB

                                                                        MD5

                                                                        cfbd38c30f1100b5213c9dd008b6e883

                                                                        SHA1

                                                                        03da6d72c9d92bea2b2e5c4a8538f0a3628fbe73

                                                                        SHA256

                                                                        25350f356b356c9ab48ebfcca67cad970d1a213f8716a1d006d339a38f0f7cc5

                                                                        SHA512

                                                                        a7d3bce28d0443dbe671394bd6c720f0fba28cf18ee0a5c3bfe547c3ffaebb9431ebe40749de1eb460b03696a401c167d76de99e9769e33ca62a3bf8302a5b04

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1009419001\02f1247217.exe
                                                                        Filesize

                                                                        901KB

                                                                        MD5

                                                                        cdc59bd1b27b4f3b7c58dced455c2616

                                                                        SHA1

                                                                        c14d1868e95b63607d167aa7f37e0947ba1dd0ad

                                                                        SHA256

                                                                        a09e80ad0b055a1a7222999a6ff6190785a9f2c707e785bc0696615dac85eb28

                                                                        SHA512

                                                                        4c52a3470545701bc0b083c9abd847d74920b198d52c2ac225dc4448d0d8c7388ffd34f52cc43b225b64dfc52f19b79fba24af77c9a48d0b90550c259bec45a2

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1009423001\96a275d63f.exe
                                                                        Filesize

                                                                        4.3MB

                                                                        MD5

                                                                        f5776b965778a92b20d7cdcc3ed87b8a

                                                                        SHA1

                                                                        1b5a38a9d6b40243306672d8beba4bd38081788e

                                                                        SHA256

                                                                        ae296c763a4d1175347ff21ca6b2fe38bbd3f5680be48bd20a27461fcd1632e5

                                                                        SHA512

                                                                        b3ee8f35314f237087c8b1d43b0771384e20f2f0a40c3c0d4d064f1b3e5a6fb7986c169a7d7c313f08e0600e03257516bf8ea9c47c5f16c671aeb266b365c911

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1009425001\333.exe
                                                                        Filesize

                                                                        243KB

                                                                        MD5

                                                                        b73ecb016b35d5b7acb91125924525e5

                                                                        SHA1

                                                                        37fe45c0a85900d869a41f996dd19949f78c4ec4

                                                                        SHA256

                                                                        b3982e67820abc7b41818a7236232ce6de92689b76b6f152fab9ef302528566d

                                                                        SHA512

                                                                        0bea9890dbcd3afd2889d0e7c0f2746995169e7b424f58d4998c50bc49d2b37d30f5bd1845d3079b25f9963af2b71f136719cbd9fda37f7b85874992096b3e1d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4L783r.exe
                                                                        Filesize

                                                                        2.7MB

                                                                        MD5

                                                                        b0f33615c7f56d7d8a318adc5454220f

                                                                        SHA1

                                                                        de0430c4bacb1e68b95c020ea7cc710e8eb5e84a

                                                                        SHA256

                                                                        cc040a7e49f417aef95752a96d56652463ed9fce37f2273d402a83389e2dd4af

                                                                        SHA512

                                                                        29e229edeb8632307ddf3d24762c70319688bd8dcded39b6a7737d7d153cd86d87a51c0d7c9c31ebba15865adda90fd7cc060ce121b50efa6342c3019cd138ce

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\n4u35.exe
                                                                        Filesize

                                                                        5.5MB

                                                                        MD5

                                                                        1d816a142ae2cc728a424c351accc075

                                                                        SHA1

                                                                        b7ae72817d104f0dab40a4529bb26b8c02660c1b

                                                                        SHA256

                                                                        af5cadc57422f5d25ce7ded8ae05379b0e00493b45b15863ccdf3b73d8369f87

                                                                        SHA512

                                                                        20805162bc4f40d3e4750e12138e25fc9a00c30ffd9ca8d8188cc565e8afe864a153b546230164c1d1da5e9544adedb7849f20244ae58b0136f279d6bed1da47

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3d22v.exe
                                                                        Filesize

                                                                        1.7MB

                                                                        MD5

                                                                        d9c6c8f24b6f9129bb257f4e778fd5c5

                                                                        SHA1

                                                                        21815ca71c309602dc6c0f67f21e29802fdfd51b

                                                                        SHA256

                                                                        17f0091e5c0ffd96a5f9eaff9955befb9616776d5febaaaad2b65fc9ee7fa55f

                                                                        SHA512

                                                                        ff8263e97198ee01b797cee9bc4985606af00b04f9641143a710d981eac1d4a731fd0a2ed206ff6278fd67131151b26401149d5d6d271209586c206eed3e6e98

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\L3L04.exe
                                                                        Filesize

                                                                        3.7MB

                                                                        MD5

                                                                        7540cec4f1f0c0a62e558803f39262d6

                                                                        SHA1

                                                                        544f5f2d0df186a66833925659c76451f0f91b68

                                                                        SHA256

                                                                        e599250bf7c19dc1cc7d191541f1b2a9eb5fea3ec87b84cc6fa952c8e9b20c4a

                                                                        SHA512

                                                                        e2f0f3db2c00d1556d11311338077584ea80265616b133ff8be55d02a4dd2f07ee8e2a0b2c1c29e82b0d401f52d9fd8a34a7e2e872f3507273f370edcdea4f07

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1l73R9.exe
                                                                        Filesize

                                                                        1.8MB

                                                                        MD5

                                                                        40f7eb8c6dbaa68cca8736ff9ce86aa7

                                                                        SHA1

                                                                        17f171de9452ccc9b9e5d59fbd3b4188e643ce7c

                                                                        SHA256

                                                                        5a463972a8c9a594b5e2900415370008df37459a44c11beee3c3d8dd44f51495

                                                                        SHA512

                                                                        1b60ce840a053090de6bc05db505da1ba3e26b47fe28117dc752045cae4691b6ac97a5738782671279feeda8eec07555592307e087d662929130f2d8b87a7aca

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2z5928.exe
                                                                        Filesize

                                                                        1.8MB

                                                                        MD5

                                                                        367591ed8ad4439815d66927351973c9

                                                                        SHA1

                                                                        d397b5ce07e3a528e14e5d8b5a4093dc7361e105

                                                                        SHA256

                                                                        cf241de2ebe94dce027c81b305d8418758dfdab9da7750935641cc35e14deeb2

                                                                        SHA512

                                                                        db096c212d9dc974bdecb8bbfbf48740ed3f405b2976f223510a584e12b92ee1b7c53e56ddd652fc6cf64b35704525dceb58a5cff0b8526e47490d07347ac6af

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5n44pmyc.rqq.ps1
                                                                        Filesize

                                                                        60B

                                                                        MD5

                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                        SHA1

                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                        SHA256

                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                        SHA512

                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                        Filesize

                                                                        479KB

                                                                        MD5

                                                                        09372174e83dbbf696ee732fd2e875bb

                                                                        SHA1

                                                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                        SHA256

                                                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                        SHA512

                                                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                        Filesize

                                                                        13.8MB

                                                                        MD5

                                                                        0a8747a2ac9ac08ae9508f36c6d75692

                                                                        SHA1

                                                                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                        SHA256

                                                                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                        SHA512

                                                                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\uziuugju.14i
                                                                        Filesize

                                                                        160KB

                                                                        MD5

                                                                        f310cf1ff562ae14449e0167a3e1fe46

                                                                        SHA1

                                                                        85c58afa9049467031c6c2b17f5c12ca73bb2788

                                                                        SHA256

                                                                        e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

                                                                        SHA512

                                                                        1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        b306f873506035d98cda3137981b1732

                                                                        SHA1

                                                                        4bdeafee3a45c792ce6000bd034f7f2058fb83cb

                                                                        SHA256

                                                                        b5504ee54da692d3c3b947deabb1ee871f24392cf1c46b2c677acb09d46e2810

                                                                        SHA512

                                                                        6d8755e72bbf26612ce80ea79d6b9a1d81bf9aef86064f2a564f08cdb88bedc2fa22cd5f51d01302fa5ac537e619ff618f33bb5819b0dca4e63d1a6b186c72a1

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        e0ff652fe407da61124160e0977cd8d9

                                                                        SHA1

                                                                        405e6f0e161a2807743322a6e1aecfd41584c334

                                                                        SHA256

                                                                        66cf7cd38da5277c4c07d4aed09aae0f0bcc9512d216c97501aa8be5c1c24a1f

                                                                        SHA512

                                                                        d284ca21948f18ae647e1d4d1616786e38af33f39555aa02b5475abc372be82271012095d263604c18b58377794e009bd6b2e6f6a564c8310e762b7c866f45aa

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        23KB

                                                                        MD5

                                                                        15474a5fb895708b9c2a8c368e33142a

                                                                        SHA1

                                                                        b93d390b4403b66b45428829a5af0f69afeb7211

                                                                        SHA256

                                                                        2088aa870acdc899db547571ac7efb1290430de220b96644ee2d24d5aa4b38ec

                                                                        SHA512

                                                                        85f98878a481ab25f76f16f5c4881a8b7a21f7d47f45b3aeab1f57e779bf144353b5f2973219651a534df9dfb2917882c01a2140be0b352b42a893566136db82

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        9fa8d1eb35d565110b705f36829bc113

                                                                        SHA1

                                                                        93e3bfc1bf7bcb22a422ddcb6e5a5965ffb9ad54

                                                                        SHA256

                                                                        c51c0e587fdb3d33db5c5214eb899fe33ad480b75a69f87be9d7e59e0cc5ea8d

                                                                        SHA512

                                                                        f2ef1552479588503edf9a1fba321181da1ec0bb56d30d9ab0efec06cc49ee414610a168a9010279b09d4b1ae4258413ca9db3c9fa7444c1c00033ff5e57e8cf

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        967a2d24e28f11258b5224ffe682f50f

                                                                        SHA1

                                                                        1efd387a98b8e1ed06920c26c2021943c621f144

                                                                        SHA256

                                                                        29bdcf4ed3c5d6aa60503f62b23bbf4225522cc7caee60a9674e550e99077960

                                                                        SHA512

                                                                        d254121a9fcf0ae2b32c8a73ff8b0f8051f16431032b41ff81a881bd2b67f4c3c95daac5a6f7865a68f0c4af2ae6e55c0f1fd5e34497561e57a0cfe6813f2165

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        c2e1fbe21fe7076d6577ce286c9b6004

                                                                        SHA1

                                                                        b989971362931c3e650257acff9e92feac05d6cc

                                                                        SHA256

                                                                        7e55cba4fb6e7b925c5f941323fe9e206bb96970166c604c9bb4d627f362757a

                                                                        SHA512

                                                                        a24bd3f32f7e22fe31e856d0689448f422360ed32f12fc17e25a8462e882bd3c3c4c817e06ceaa8e4b3e21878c3f8dcf878903cfe5bf3d88228a8ecdb47f092f

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        772b697caf156b8e03fc27f83871a407

                                                                        SHA1

                                                                        ddef923aea2cb69c92d197d8da2351ac6735f1a5

                                                                        SHA256

                                                                        d7dfc33329f712aeb31987b0a82b662393ef4d33230645cb2d9514523f39c8ce

                                                                        SHA512

                                                                        ca11c40f9d0a8a87d69c5dbdd9ed078775cd75e244871658df925aa91e2061bb61ef9d8044b66d6187fa69e299aaedbb958404209e1c20b5d617823a1948fca2

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        55687497c2fc5983e7882359904d64f6

                                                                        SHA1

                                                                        0b1b862994dd6c415cd3566d24dac82f5de926dd

                                                                        SHA256

                                                                        668cc8c9a6cdedfc64e6d96a175bb68ab02b4a5263df719b8dcb1de06f180794

                                                                        SHA512

                                                                        6664bbd7a9d43e6d07d62d69d008611017df68e8a78921fe7ccaa71367e6c73a264cbc52adb9ae1ca35623e1461031a1ce4a9909c71173253ef2dc9814f789dc

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        df71b38cc98e5a701c6cf75628c5c517

                                                                        SHA1

                                                                        f6add6c56fca7837ec86cdc6e75b51c93a58759d

                                                                        SHA256

                                                                        77d3cc6bd3caead1b15f0eac304f890dd5075af933e9724fa57726c206e37b5e

                                                                        SHA512

                                                                        c3f901622657ccf8b6df0a54137c516da467db9b8f8d6e57c26b520f2eedc889a2a7c2e45ab7164af8555614d59ebb5ac768df064a6c25d1cae20d7f7557920d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\3f6842b3-745e-40b1-96a4-9094b9798a7b
                                                                        Filesize

                                                                        25KB

                                                                        MD5

                                                                        1c285f55c6de484d7d74f7062d6b34ec

                                                                        SHA1

                                                                        f54c3d1e88f51f7e3fbd9cdda51402d0b009fa75

                                                                        SHA256

                                                                        ac184f53ad3918d985c49d36957671b588d298fee305a3e909c19a8526bc6cfa

                                                                        SHA512

                                                                        0543a7bdbe30beca4154635a814c3a366e20577c68daf7ba5b5a1eb15a4d63f80d1d246ac583b056ce0892170be94ce1c9ae11e00a8a8e05d95dc6f3401ab5ae

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\87b04967-7d13-4ceb-ac49-fe3b0441e3aa
                                                                        Filesize

                                                                        982B

                                                                        MD5

                                                                        dd6e2027f7ad073826c49c49429e5fa6

                                                                        SHA1

                                                                        83d2e443754d9a860aaebd6bf10803c2b1efbea5

                                                                        SHA256

                                                                        3264a6e5af5778cfb4ef54091a4df16558b7aa27654a7e171b43f8699d7059ca

                                                                        SHA512

                                                                        ee96e955483d8ed4ae42e5b9177693491ca65abf4482438c8aa078467d638c082fb16c15d019edb32da421e5b20b51a4543b66388173d03c914ece058382ee5d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\d4de559b-7627-4ce1-8419-e163800cefc9
                                                                        Filesize

                                                                        671B

                                                                        MD5

                                                                        9ae88015a928aa6497f6ecb7c3f575fd

                                                                        SHA1

                                                                        392c63d0df85b9e86618d337580a55fc8950f57c

                                                                        SHA256

                                                                        0b22e190fc3db93050ecb5b73e895956401443d4d956fd226dc0ff588a6914fb

                                                                        SHA512

                                                                        fde972eb1b648c21581217c5a78e662f460e35f55bfe5c400f75e4e38361d69e52857335ab010eaebcf37e5a97330ca9e6796874c61d439736f79d7903c7b134

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                        Filesize

                                                                        1.1MB

                                                                        MD5

                                                                        842039753bf41fa5e11b3a1383061a87

                                                                        SHA1

                                                                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                        SHA256

                                                                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                        SHA512

                                                                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                        Filesize

                                                                        116B

                                                                        MD5

                                                                        2a461e9eb87fd1955cea740a3444ee7a

                                                                        SHA1

                                                                        b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                        SHA256

                                                                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                        SHA512

                                                                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                        Filesize

                                                                        372B

                                                                        MD5

                                                                        bf957ad58b55f64219ab3f793e374316

                                                                        SHA1

                                                                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                        SHA256

                                                                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                        SHA512

                                                                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                        Filesize

                                                                        17.8MB

                                                                        MD5

                                                                        daf7ef3acccab478aaa7d6dc1c60f865

                                                                        SHA1

                                                                        f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                        SHA256

                                                                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                        SHA512

                                                                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        8489aa2b155d330cb0181f5a68728a2f

                                                                        SHA1

                                                                        0ec2e40e27fe7c7c8df897e480cde0b2ccd6d3f2

                                                                        SHA256

                                                                        606ce6599084fb082840f60761d7f720848ba2ecda228d4a6af3864fbfd5397b

                                                                        SHA512

                                                                        aae3a838a7e5ccdc4f16f0e0166a30e0578b71bba868abd0f513ad8a53ecb51c78b4520d79c9bee27dfc93d766727ead921107937815605ae3a52e4f0ca8e785

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
                                                                        Filesize

                                                                        12KB

                                                                        MD5

                                                                        ab7eba140b55c6bb8649b0a891d87ae6

                                                                        SHA1

                                                                        115d5121a80ffd86faff8256f1c8c45c7d88e1e9

                                                                        SHA256

                                                                        bb6169625dd3d9bf60a7fd57a3dd050b04b61d2c85e67601be7a002ea27b4d80

                                                                        SHA512

                                                                        b439284284d19bfb2e6c520dc847e0cb2cf5a2ad595a82f42a59aab6f97d2c1d0324789a2cc72157139e08c877813073e8509346495025ffc7de06be5d4085ae

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        29c5669cf87ab9985dec12824d9d9b9b

                                                                        SHA1

                                                                        7eb69c9be6920367603c856354edb009f05a9b7b

                                                                        SHA256

                                                                        659681a4dc70d115eb0a53605a86085174e159f2be3f09f09d29b654eeb8e248

                                                                        SHA512

                                                                        558b5e4f14a4022a19d98f6b7b452e3d043c7fb297873dc1aafe184e53edac93d4aa7430cbb1db3d3016a74de86c0634c7aed82ef8eeb5a3aec1470e8763cd20

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        e256876cce21a45497201658e9c0266b

                                                                        SHA1

                                                                        5affe960aedfa32c5065761f9d211e0932887ccb

                                                                        SHA256

                                                                        ef7fc737745d25a940b1f05a9f0707f5c34a8b6d85e6f1a21d261ebb478ae286

                                                                        SHA512

                                                                        d4835ba97cd39f930562cbdf08b10d736a2eb1f9708c0fc4086a22fb5c5b20bedc7044650b51da3e520c59ec385c83684a8a566ff9aee33fdd5a4aae7b8b73aa

                                                                        Download Submit

                                                                      • \??\pipe\crashpad_2184_MTSXPMSAZCZQBVTC
                                                                        MD5

                                                                        d41d8cd98f00b204e9800998ecf8427e

                                                                        SHA1

                                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                        SHA256

                                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                        SHA512

                                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                        Download Submit

                                                                      • memory/428-45-0x0000000000D20000-0x00000000013AD000-memory.dmp

                                                                        Filesize

                                                                        6.6MB

                                                                        Download

                                                                      • memory/428-44-0x0000000000D20000-0x00000000013AD000-memory.dmp

                                                                        Filesize

                                                                        6.6MB

                                                                        Download

                                                                      • memory/1184-2413-0x0000000000490000-0x0000000000756000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/1184-2417-0x0000000000490000-0x0000000000756000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/1184-2341-0x0000000000490000-0x0000000000756000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/1184-2340-0x0000000000490000-0x0000000000756000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/1184-2289-0x0000000000490000-0x0000000000756000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/1420-1434-0x00000000003F0000-0x0000000000400000-memory.dmp

                                                                        Filesize

                                                                        64KB

                                                                        Download

                                                                      • memory/1420-1484-0x0000000005530000-0x000000000553A000-memory.dmp

                                                                        Filesize

                                                                        40KB

                                                                        Download

                                                                      • memory/1556-5590-0x0000000000700000-0x0000000000BBE000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/1556-5628-0x0000000000700000-0x0000000000BBE000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/1832-40-0x0000000000870000-0x0000000000D1D000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/1832-38-0x0000000000870000-0x0000000000D1D000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/2232-131-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-167-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-78-0x0000000005100000-0x0000000005136000-memory.dmp

                                                                        Filesize

                                                                        216KB

                                                                        Download

                                                                      • memory/2232-79-0x0000000005930000-0x0000000005F58000-memory.dmp

                                                                        Filesize

                                                                        6.2MB

                                                                        Download

                                                                      • memory/2232-80-0x0000000005900000-0x0000000005922000-memory.dmp

                                                                        Filesize

                                                                        136KB

                                                                        Download

                                                                      • memory/2232-81-0x0000000006000000-0x0000000006066000-memory.dmp

                                                                        Filesize

                                                                        408KB

                                                                        Download

                                                                      • memory/2232-82-0x0000000006070000-0x00000000060D6000-memory.dmp

                                                                        Filesize

                                                                        408KB

                                                                        Download

                                                                      • memory/2232-92-0x00000000061E0000-0x0000000006534000-memory.dmp

                                                                        Filesize

                                                                        3.3MB

                                                                        Download

                                                                      • memory/2232-95-0x00000000066C0000-0x00000000066DE000-memory.dmp

                                                                        Filesize

                                                                        120KB

                                                                        Download

                                                                      • memory/2232-1430-0x000000000BC30000-0x000000000BCCC000-memory.dmp

                                                                        Filesize

                                                                        624KB

                                                                        Download

                                                                      • memory/2232-1429-0x000000000BB90000-0x000000000BC22000-memory.dmp

                                                                        Filesize

                                                                        584KB

                                                                        Download

                                                                      • memory/2232-96-0x0000000006710000-0x000000000675C000-memory.dmp

                                                                        Filesize

                                                                        304KB

                                                                        Download

                                                                      • memory/2232-121-0x000000000A690000-0x000000000A8D2000-memory.dmp

                                                                        Filesize

                                                                        2.3MB

                                                                        Download

                                                                      • memory/2232-122-0x0000000006B70000-0x0000000006C0C000-memory.dmp

                                                                        Filesize

                                                                        624KB

                                                                        Download

                                                                      • memory/2232-123-0x000000000BE80000-0x000000000C424000-memory.dmp

                                                                        Filesize

                                                                        5.6MB

                                                                        Download

                                                                      • memory/2232-135-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-125-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-124-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-128-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-129-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-175-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-133-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-137-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-139-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-141-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-151-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-143-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-145-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-149-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-153-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-155-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-157-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-159-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-161-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-163-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-147-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-165-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-181-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-179-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-169-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-171-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-173-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2232-177-0x0000000006B70000-0x0000000006C08000-memory.dmp

                                                                        Filesize

                                                                        608KB

                                                                        Download

                                                                      • memory/2352-70-0x0000000000700000-0x0000000000BBE000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/3100-68-0x0000000000700000-0x0000000000BBE000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/3100-33-0x0000000000700000-0x0000000000BBE000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/3100-103-0x0000000000700000-0x0000000000BBE000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/3440-2913-0x0000000000400000-0x000000000066D000-memory.dmp

                                                                        Filesize

                                                                        2.4MB

                                                                        Download

                                                                      • memory/3440-64-0x0000000000400000-0x000000000066D000-memory.dmp

                                                                        Filesize

                                                                        2.4MB

                                                                        Download

                                                                      • memory/3900-21-0x0000000000B60000-0x000000000101E000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/3900-35-0x0000000000B60000-0x000000000101E000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/3976-5687-0x0000000000700000-0x0000000000BBE000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/4076-398-0x0000000000C60000-0x0000000000F26000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/4076-67-0x0000000000C60000-0x0000000000F26000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/4076-66-0x0000000000C60000-0x0000000000F26000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/4076-1441-0x0000000000C60000-0x0000000000F26000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/4076-48-0x0000000000C60000-0x0000000000F26000-memory.dmp

                                                                        Filesize

                                                                        2.8MB

                                                                        Download

                                                                      • memory/5168-1582-0x00000000084E0000-0x0000000008556000-memory.dmp

                                                                        Filesize

                                                                        472KB

                                                                        Download

                                                                      • memory/5168-2101-0x0000000008790000-0x00000000087AE000-memory.dmp

                                                                        Filesize

                                                                        120KB

                                                                        Download

                                                                      • memory/5168-1432-0x0000000000600000-0x0000000000A60000-memory.dmp

                                                                        Filesize

                                                                        4.4MB

                                                                        Download

                                                                      • memory/5168-1431-0x0000000000600000-0x0000000000A60000-memory.dmp

                                                                        Filesize

                                                                        4.4MB

                                                                        Download

                                                                      • memory/5168-2364-0x0000000008A70000-0x0000000008A7C000-memory.dmp

                                                                        Filesize

                                                                        48KB

                                                                        Download

                                                                      • memory/5168-2160-0x00000000091C0000-0x0000000009440000-memory.dmp

                                                                        Filesize

                                                                        2.5MB

                                                                        Download

                                                                      • memory/5168-642-0x0000000000600000-0x0000000000A60000-memory.dmp

                                                                        Filesize

                                                                        4.4MB

                                                                        Download

                                                                      • memory/5168-1522-0x0000000000600000-0x0000000000A60000-memory.dmp

                                                                        Filesize

                                                                        4.4MB

                                                                        Download

                                                                      • memory/5168-1577-0x00000000082C0000-0x00000000083BA000-memory.dmp

                                                                        Filesize

                                                                        1000KB

                                                                        Download

                                                                      • memory/5168-1580-0x0000000008590000-0x0000000008752000-memory.dmp

                                                                        Filesize

                                                                        1.8MB

                                                                        Download

                                                                      • memory/5168-1581-0x0000000008410000-0x0000000008460000-memory.dmp

                                                                        Filesize

                                                                        320KB

                                                                        Download

                                                                      • memory/5168-1585-0x0000000008C90000-0x00000000091BC000-memory.dmp

                                                                        Filesize

                                                                        5.2MB

                                                                        Download

                                                                      • memory/5432-1472-0x0000000000D20000-0x00000000011CD000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/5432-1458-0x0000000000D20000-0x00000000011CD000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/5480-2448-0x0000000000D00000-0x0000000001982000-memory.dmp

                                                                        Filesize

                                                                        12.5MB

                                                                        Download

                                                                      • memory/5480-5670-0x0000000000D00000-0x0000000001982000-memory.dmp

                                                                        Filesize

                                                                        12.5MB

                                                                        Download

                                                                      • memory/5480-2400-0x0000000000D00000-0x0000000001982000-memory.dmp

                                                                        Filesize

                                                                        12.5MB

                                                                        Download

                                                                      • memory/6240-1492-0x0000000000AA0000-0x000000000112D000-memory.dmp

                                                                        Filesize

                                                                        6.6MB

                                                                        Download

                                                                      • memory/6240-1495-0x0000000000AA0000-0x000000000112D000-memory.dmp

                                                                        Filesize

                                                                        6.6MB

                                                                        Download