Analysis

  • max time kernel
    206s
  • max time network
    213s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    04-12-2024 04:17

General

  • Target

    Top4smm Dinero Ilimitado.zip

  • Size

    1.1MB

  • MD5

    bfa47aae21e145867fa2536f3adb0fbb

  • SHA1

    b7b6eaccdf32b323421b75ad8e4e420a4527b151

  • SHA256

    a9fc07683b0c89a1a3cfba37fd4548e6b28ebf334dca8cf79d4edada41ece724

  • SHA512

    8ca4870f1949aaf6476b3ed18bfa5764110184242d0ae2d631b28b618cb167ec4de3267776be67a6bfd1de66e5f777fc75d25a8de2c75ef16578637f514906ae

  • SSDEEP

    24576:+NEcxEieY4MkUNZfAzaSbhDmRsYyAo1GMvTSplXql0pDAkddsid2g4:6Ecx5UUnfW9qRU4E2lXSH0sidD4

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    azxq0ap.localto.net:3425

  • Mutex

    e51e2b65-e963-4051-9736-67d57ed46798

Attributes
  • encryption_key

    AEA258EF65BF1786F0F767C0BE2497ECC304C46F

  • install_name

    WindowsUpdate.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    WindowsUpdate

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar family
  • Quasar payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 44 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Top4smm Dinero Ilimitado.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4824
  • C:\Users\Admin\Desktop\Top4smm Dinero Ilimitado.exe
    "C:\Users\Admin\Desktop\Top4smm Dinero Ilimitado.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:3176
    • C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4476
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1608
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd4864cc40,0x7ffd4864cc4c,0x7ffd4864cc58
      2⤵
        PID:1592
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2008 /prefetch:2
        2⤵
          PID:732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2148 /prefetch:3
          2⤵
            PID:1268
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2340 /prefetch:8
            2⤵
              PID:1476
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
              2⤵
                PID:884
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:1
                2⤵
                  PID:1840
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4596 /prefetch:1
                  2⤵
                    PID:4940
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4840 /prefetch:8
                    2⤵
                      PID:1012
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4880 /prefetch:8
                      2⤵
                        PID:2236
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5168,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5088 /prefetch:8
                        2⤵
                          PID:4276
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4436,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4424 /prefetch:8
                          2⤵
                            PID:2824
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5132 /prefetch:8
                            2⤵
                              PID:1872
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4872 /prefetch:8
                              2⤵
                                PID:1368
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5220,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5248 /prefetch:2
                                2⤵
                                  PID:560
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5284,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5524 /prefetch:1
                                  2⤵
                                    PID:4760
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4464,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4036 /prefetch:1
                                    2⤵
                                      PID:388
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3224,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3256 /prefetch:1
                                      2⤵
                                        PID:3372
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5348,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5500 /prefetch:1
                                        2⤵
                                          PID:1872
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3240,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3388 /prefetch:1
                                          2⤵
                                            PID:1608
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5156,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4892 /prefetch:1
                                            2⤵
                                              PID:2496
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5780,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3256 /prefetch:1
                                              2⤵
                                                PID:5116
                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
                                                2⤵
                                                • Drops file in Windows directory
                                                PID:2640
                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff62a274698,0x7ff62a2746a4,0x7ff62a2746b0
                                                  3⤵
                                                  • Drops file in Windows directory
                                                  PID:1344
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4040,i,18294719982832198618,8912762583634826292,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5984 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1228
                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                              1⤵
                                                PID:3120
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                1⤵
                                                  PID:4628
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\MeasureProtect.htm
                                                  1⤵
                                                  • Enumerates system info in registry
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                  • Suspicious use of FindShellTrayWindow
                                                  PID:824
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffd5dda46f8,0x7ffd5dda4708,0x7ffd5dda4718
                                                    2⤵
                                                      PID:2680
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3952989886015916142,2734102632131391286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                                                      2⤵
                                                        PID:4156
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3952989886015916142,2734102632131391286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:8
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3952989886015916142,2734102632131391286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
                                                        2⤵
                                                          PID:4192
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3952989886015916142,2734102632131391286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
                                                          2⤵
                                                            PID:4644
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3952989886015916142,2734102632131391286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
                                                            2⤵
                                                              PID:5004
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3952989886015916142,2734102632131391286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
                                                              2⤵
                                                                PID:2476
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                                                2⤵
                                                                • Drops file in Program Files directory
                                                                PID:3640
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff6af3a5460,0x7ff6af3a5470,0x7ff6af3a5480
                                                                  3⤵
                                                                    PID:3892
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3952989886015916142,2734102632131391286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:2520
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:2488
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:324
                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                    1⤵
                                                                      PID:4984
                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                        2⤵
                                                                        • Checks processor information in registry
                                                                        • Suspicious use of FindShellTrayWindow
                                                                        • Suspicious use of SendNotifyMessage
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:3212
                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77b9e783-73cf-42d1-ad51-aeaaf63fe88d} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" gpu
                                                                          3⤵
                                                                            PID:1860
                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {291f6f83-0a0e-438b-a701-86a2bfc4b90b} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" socket
                                                                            3⤵
                                                                              PID:3964
                                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3228 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4453a037-ec53-4f7f-9419-511701cbeb4b} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" tab
                                                                              3⤵
                                                                                PID:4412
                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4036 -childID 2 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8ecd181-231d-4560-99ba-e929886d96b5} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" tab
                                                                                3⤵
                                                                                  PID:4644
                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 2660 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c086ece-5079-4c51-9f92-a2271638ce85} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" utility
                                                                                  3⤵
                                                                                  • Checks processor information in registry
                                                                                  PID:5588
                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 5360 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {511a420b-ab40-4871-a192-97f7da996e97} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" tab
                                                                                  3⤵
                                                                                    PID:6044
                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5556 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4eee9cc-ff48-450a-8d3f-9e53bcec87c9} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" tab
                                                                                    3⤵
                                                                                      PID:6056
                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 5 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {811d73ef-46a6-4ec6-b9f5-a4a108502512} 3212 "\\.\pipe\gecko-crash-server-pipe.3212" tab
                                                                                      3⤵
                                                                                        PID:6068

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                    Filesize

                                                                                    649B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

                                                                                    Filesize

                                                                                    47KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

                                                                                    Filesize

                                                                                    63KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

                                                                                    Filesize

                                                                                    62KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

                                                                                    Filesize

                                                                                    67KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

                                                                                    Filesize

                                                                                    19KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

                                                                                    Filesize

                                                                                    215KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                    Filesize

                                                                                    2KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                    Filesize

                                                                                    264KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

                                                                                    Filesize

                                                                                    851B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

                                                                                    Filesize

                                                                                    854B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

                                                                                    Filesize

                                                                                    41B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

                                                                                    Filesize

                                                                                    16B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                    Filesize

                                                                                    8KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                    Filesize

                                                                                    7KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                    Filesize

                                                                                    2B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                    Filesize

                                                                                    2KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    10KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    9KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    9KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    10KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    9KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                    Filesize

                                                                                    15KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                    Filesize

                                                                                    72B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                    Filesize

                                                                                    236KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                    Filesize

                                                                                    236KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                    Filesize

                                                                                    236KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                    Filesize

                                                                                    237KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                    Filesize

                                                                                    237KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                    Filesize

                                                                                    236KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    152B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    152B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

                                                                                    Filesize

                                                                                    70KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

                                                                                    Filesize

                                                                                    8KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

                                                                                    Filesize

                                                                                    8KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    4KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    5KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                    Filesize

                                                                                    24KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                    Filesize

                                                                                    24KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                    Filesize

                                                                                    16B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dd22f7f0-b4be-43b4-af5a-c325fb93d0ec.tmp

                                                                                    Filesize

                                                                                    1B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    8KB

                                                                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                                                                                    Filesize

                                                                                    15KB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\scoped_dir4756_305976605\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                    Filesize

                                                                                    711B

                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                    Filesize

                                                                                    3KB

                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                    Filesize

                                                                                    3KB

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

                                                                                    Filesize

                                                                                    5KB

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\0691c581-57c8-4d3b-a3a6-3b5a4383b7bb

                                                                                    Filesize

                                                                                    28KB

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\c760ca0b-4f55-45d0-9a47-9de5de839f49

                                                                                    Filesize

                                                                                    982B

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\da105a9e-5c6e-4cf4-8433-9f33cf0b3381

                                                                                    Filesize

                                                                                    671B

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

                                                                                    Filesize

                                                                                    10KB

                                                                                  • C:\Users\Admin\Desktop\Top4smm Dinero Ilimitado.exe

                                                                                    MD5

                                                                                    d41d8cd98f00b204e9800998ecf8427e

                                                                                    SHA1

                                                                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                    SHA256

                                                                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                    SHA512

                                                                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                  • C:\Users\Admin\Desktop\Top4smm Dinero Ilimitado.exe

                                                                                    Filesize

                                                                                    3.2MB

                                                                                    MD5

                                                                                    74474ce327c2d8e2b74eba981a7e3249

                                                                                    SHA1

                                                                                    48544696b4ce7c96559a791efb58ec7481092454

                                                                                    SHA256

                                                                                    46ca3722c1851d6a68aea45c19e64a4c735eb236403e172422d02bbff4e35cca

                                                                                    SHA512

                                                                                    0c5b75305b19e0dcaacb9f3df556cdb136c002a5732625cb096fdd0a69e4a6a4b96507bb2948b847e2726d98e424462a237e0c0cecb1210c45cef52c7c1accc1

                                                                                  • memory/2116-7-0x00007FFD4DD40000-0x00007FFD4E802000-memory.dmp

                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/2116-10-0x00007FFD4DD40000-0x00007FFD4E802000-memory.dmp

                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/2116-6-0x0000000000960000-0x0000000000C92000-memory.dmp

                                                                                    Filesize

                                                                                    3.2MB

                                                                                  • memory/2116-5-0x00007FFD4DD43000-0x00007FFD4DD45000-memory.dmp

                                                                                    Filesize

                                                                                    8KB

                                                                                  • memory/4476-11-0x000000001B370000-0x000000001B3C0000-memory.dmp

                                                                                    Filesize

                                                                                    320KB

                                                                                  • memory/4476-48-0x000000001DC20000-0x000000001E148000-memory.dmp

                                                                                    Filesize

                                                                                    5.2MB

                                                                                  • memory/4476-16-0x000000001C850000-0x000000001C88C000-memory.dmp

                                                                                    Filesize

                                                                                    240KB

                                                                                  • memory/4476-15-0x000000001C7F0000-0x000000001C802000-memory.dmp

                                                                                    Filesize

                                                                                    72KB

                                                                                  • memory/4476-12-0x000000001C8B0000-0x000000001C962000-memory.dmp

                                                                                    Filesize

                                                                                    712KB

                                                                                  • memory/4476-17-0x000000001C810000-0x000000001C840000-memory.dmp

                                                                                    Filesize

                                                                                    192KB