Resubmissions

11-12-2024 21:15

241211-z3ywsaymey 8

11-12-2024 21:10

241211-zz95mssrcl 3

Analysis

  • max time kernel
    2696s
  • max time network
    2612s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11-12-2024 21:15

General

  • Target

    MalachiTemp (2).zip

  • Size

    11.7MB

  • MD5

    6547f016ad4a2a2ac21830cdc787bf3f

  • SHA1

    7ea0143a1b4bfd234b5df31017d03cf82e914337

  • SHA256

    53288348c08f054b6d7d9a10a74b45c202ccd86ebd6636a889e8600f85b199f6

  • SHA512

    c8037af6e178a9067031fb6c6da5e86a9ec12b71f6f3e536566700719ee5a44d3df5fcbc30d6c2cbc6ef292467962f8c9b2048092d7ae0861888e7228499f801

  • SSDEEP

    196608:E/IbMxdZb3hTqr1dUn//P8djLpaawweZps8im3izDKt1VlenB34M/3vNW3RxtMFM:EaiZbxTqrnUn//OjFJM6Kt1VQ2M/v8M2

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 23 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Detected potential entity reuse from brand MICROSOFT.
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 18 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MalachiTemp (2).zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4248
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2892
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:996
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94ac50a2-f1fc-455f-969a-0baf437b800c} 996 "\\.\pipe\gecko-crash-server-pipe.996" gpu
          3⤵
            PID:4940
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55769d3c-220d-4d1a-bdf1-62fa6eb9c15f} 996 "\\.\pipe\gecko-crash-server-pipe.996" socket
            3⤵
            • Checks processor information in registry
            PID:4664
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3320 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a7eb609-e716-462a-911b-35ff4daac0ff} 996 "\\.\pipe\gecko-crash-server-pipe.996" tab
            3⤵
              PID:800
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d0a81e5-c812-48f5-b834-ef1ee0778ca2} 996 "\\.\pipe\gecko-crash-server-pipe.996" tab
              3⤵
                PID:1468
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4524 -prefMapHandle 4420 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de98ad04-b6e9-44fa-a658-729ae3df99e4} 996 "\\.\pipe\gecko-crash-server-pipe.996" utility
                3⤵
                • Checks processor information in registry
                PID:1572
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 3 -isForBrowser -prefsHandle 5572 -prefMapHandle 5580 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4901d5be-892c-4f1b-8fa4-f25f77f97631} 996 "\\.\pipe\gecko-crash-server-pipe.996" tab
                3⤵
                  PID:1476
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5476 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca327564-1620-496b-ba89-0689f97732d3} 996 "\\.\pipe\gecko-crash-server-pipe.996" tab
                  3⤵
                    PID:3244
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5960 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5888 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3ec9b41-c17d-45c5-a3e1-41c51ac91951} 996 "\\.\pipe\gecko-crash-server-pipe.996" tab
                    3⤵
                      PID:2368
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6272 -childID 6 -isForBrowser -prefsHandle 6268 -prefMapHandle 6264 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e11cf5-c808-4950-8924-b367c27f193e} 996 "\\.\pipe\gecko-crash-server-pipe.996" tab
                      3⤵
                        PID:4956
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                    1⤵
                    • Drops file in Windows directory
                    • Enumerates system info in registry
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:4012
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ed4fcc40,0x7ff8ed4fcc4c,0x7ff8ed4fcc58
                      2⤵
                        PID:2480
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:2
                        2⤵
                          PID:2992
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1704,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:3
                          2⤵
                            PID:1996
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
                            2⤵
                              PID:4832
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
                              2⤵
                                PID:3184
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
                                2⤵
                                  PID:2164
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3076,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4352 /prefetch:1
                                  2⤵
                                    PID:644
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
                                    2⤵
                                      PID:4928
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
                                      2⤵
                                        PID:2328
                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
                                        2⤵
                                        • Drops file in Windows directory
                                        PID:556
                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff765354698,0x7ff7653546a4,0x7ff7653546b0
                                          3⤵
                                          • Drops file in Windows directory
                                          PID:3452
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4392,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
                                        2⤵
                                          PID:3044
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
                                          2⤵
                                            PID:5144
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
                                            2⤵
                                              PID:5180
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
                                              2⤵
                                                PID:5556
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4976,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:2
                                                2⤵
                                                  PID:5324
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4980,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
                                                  2⤵
                                                    PID:5812
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3212,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
                                                    2⤵
                                                      PID:6072
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5268,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3484 /prefetch:1
                                                      2⤵
                                                        PID:5592
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3432,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3488 /prefetch:8
                                                        2⤵
                                                          PID:2516
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5344,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3480 /prefetch:1
                                                          2⤵
                                                            PID:3044
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3424,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
                                                            2⤵
                                                              PID:2880
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4304,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:1
                                                              2⤵
                                                                PID:5936
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3548,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3752 /prefetch:1
                                                                2⤵
                                                                  PID:5456
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3120,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:1
                                                                  2⤵
                                                                    PID:5520
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5840,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:8
                                                                    2⤵
                                                                      PID:5680
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5852,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5888 /prefetch:8
                                                                      2⤵
                                                                        PID:5396
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3112,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
                                                                        2⤵
                                                                          PID:5904
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4244,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
                                                                          2⤵
                                                                            PID:4432
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4472,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:1
                                                                            2⤵
                                                                              PID:6100
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5508,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:1
                                                                              2⤵
                                                                                PID:5468
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3752,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:1
                                                                                2⤵
                                                                                  PID:5240
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5720,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:1
                                                                                  2⤵
                                                                                    PID:5980
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5992,i,3657978466719195900,10451754005150302662,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6116 /prefetch:8
                                                                                    2⤵
                                                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                    • NTFS ADS
                                                                                    PID:2428
                                                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                  1⤵
                                                                                    PID:4416
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                    1⤵
                                                                                      PID:680
                                                                                    • C:\Users\Admin\Downloads\VisualStudioSetup.exe
                                                                                      "C:\Users\Admin\Downloads\VisualStudioSetup.exe"
                                                                                      1⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:6004
                                                                                      • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • Loads dropped DLL
                                                                                        • Drops file in Program Files directory
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Checks processor information in registry
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:5756
                                                                                        • C:\Windows\SysWOW64\getmac.exe
                                                                                          "getmac"
                                                                                          3⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:3696
                                                                                        • C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe
                                                                                          "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202412112122355317.json" --locale en-US --activityId "bc219bec-9ded-4410-b3b7-18d25fbbd41d" --campaign "2030:e03594ca50234bd2b739f3a9b49943ee" --pipe "d017ec64-6419-4b46-8a07-02fe6ac41e31"
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Checks processor information in registry
                                                                                          PID:6112
                                                                                          • C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe
                                                                                            "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe" /finalizeinstall 6F320B93-EE3C-4826-85E0-ADF79F8D4C61 "Visual Studio Installer" "Microsoft Visual Studio Installer" 3.12.2149.20818 0 "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe"
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:2112

                                                                                    Network

                                                                                    MITRE ATT&CK Enterprise v15

                                                                                    Downloads

                                                                                    • C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\msalruntime_x86.dll

                                                                                      Filesize

                                                                                      2.4MB

                                                                                    • C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202412112122355317.json

                                                                                      Filesize

                                                                                      162B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                      Filesize

                                                                                      649B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

                                                                                      Filesize

                                                                                      41KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

                                                                                      Filesize

                                                                                      60KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

                                                                                      Filesize

                                                                                      22KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

                                                                                      Filesize

                                                                                      78KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

                                                                                      Filesize

                                                                                      40KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

                                                                                      Filesize

                                                                                      17KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

                                                                                      Filesize

                                                                                      35KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

                                                                                      Filesize

                                                                                      107KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                      Filesize

                                                                                      2KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                      Filesize

                                                                                      264KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

                                                                                      Filesize

                                                                                      851B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

                                                                                      Filesize

                                                                                      854B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                      Filesize

                                                                                      5KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                      Filesize

                                                                                      2B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                      Filesize

                                                                                      2KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                      Filesize

                                                                                      2KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                      Filesize

                                                                                      2KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                      Filesize

                                                                                      356B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                      Filesize

                                                                                      692B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                      Filesize

                                                                                      2KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      10KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      10KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      10KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      9KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      10KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      10KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                      Filesize

                                                                                      15KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                      Filesize

                                                                                      72B

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                      Filesize

                                                                                      230KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                      Filesize

                                                                                      230KB

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                      Filesize

                                                                                      230KB

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20241211212306_8078df8a4e484b9f9b2722cb1cf7c3d6.trn

                                                                                      Filesize

                                                                                      7KB

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20241211212335_509ea3a5649945839f27d093c3a64af1.trn

                                                                                      Filesize

                                                                                      5KB

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20241211212356_f8c71c17af12434a91bc27cb79797b30.trn

                                                                                      Filesize

                                                                                      17KB

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_ChannelFeeds\F4D08EA8\channels.json

                                                                                      Filesize

                                                                                      74KB

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Channels\922c5fd6\channelManifest.json

                                                                                      Filesize

                                                                                      103KB

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_LatestInstaller\latestInstaller.json

                                                                                      Filesize

                                                                                      22KB

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6TAHUDLQ\dyntelconfig[2].cache

                                                                                      Filesize

                                                                                      20KB

                                                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\activity-stream.discovery_stream.json

                                                                                      Filesize

                                                                                      22KB

                                                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\cache2\entries\183E2680605B56F24D804B991A30FEF1163A9594

                                                                                      Filesize

                                                                                      61KB

                                                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\cache2\entries\DC904F6FE13AF2FDD1A89E5DC2045B0E5EE12A27

                                                                                      Filesize

                                                                                      224KB

                                                                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                                                                                      Filesize

                                                                                      15KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\340d998b-9bc0-4eb0-86e4-007ba6766ab5.tmp

                                                                                      Filesize

                                                                                      135KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\3r0o5yg1.tut\lusr5oeg.json

                                                                                      Filesize

                                                                                      16.0MB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

                                                                                      Filesize

                                                                                      19KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll

                                                                                      Filesize

                                                                                      18KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

                                                                                      Filesize

                                                                                      580KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

                                                                                      Filesize

                                                                                      307KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

                                                                                      Filesize

                                                                                      1.4MB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

                                                                                      Filesize

                                                                                      989KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

                                                                                      Filesize

                                                                                      60KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\Newtonsoft.Json.dll

                                                                                      Filesize

                                                                                      705KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\System.Memory.dll

                                                                                      Filesize

                                                                                      138KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

                                                                                      Filesize

                                                                                      17KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll

                                                                                      Filesize

                                                                                      3.0MB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll

                                                                                      Filesize

                                                                                      2.8MB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

                                                                                      Filesize

                                                                                      403KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\5cdf48e836ef03e620de940a3b\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config

                                                                                      Filesize

                                                                                      3KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\.vs\MalachiTemp\FileContentIndex\bf8b18f6-2e0f-47a5-bd2d-6e40d1e05fd9.vsidx

                                                                                      Filesize

                                                                                      107B

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      17KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\de\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      18KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\es\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      18KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\fr\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      18KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\it\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      18KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\ja\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      19KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\ko\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      18KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\ru\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      23KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\zh-hans\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      16KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\MalachiTemp\packages\System.Runtime.Serialization.Primitives.4.3.0\ref\netstandard1.3\zh-hant\System.Runtime.Serialization.Primitives.xml

                                                                                      Filesize

                                                                                      16KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\gsvthesb.rlw\ue4tafnw.json

                                                                                      Filesize

                                                                                      103KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir4012_1145859760\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                      Filesize

                                                                                      711B

                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                                      Filesize

                                                                                      479KB

                                                                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                                      Filesize

                                                                                      13.8MB

                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                                      Filesize

                                                                                      2B

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

                                                                                      Filesize

                                                                                      12KB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

                                                                                      Filesize

                                                                                      6KB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

                                                                                      Filesize

                                                                                      5KB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

                                                                                      Filesize

                                                                                      17KB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\46561d67-64fd-4098-a5c8-497dedb6c850

                                                                                      Filesize

                                                                                      982B

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\49f96950-57bc-4c43-bdbe-f1b6bf2c814d

                                                                                      Filesize

                                                                                      8KB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\9783c8b4-171c-4ef8-ab39-51d7f041fbe1

                                                                                      Filesize

                                                                                      671B

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\aab6f2af-e9f8-4a9b-b988-a5224cb28c18

                                                                                      Filesize

                                                                                      24KB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                                                      Filesize

                                                                                      1.1MB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                                                      Filesize

                                                                                      116B

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                                                      Filesize

                                                                                      372B

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                                                      Filesize

                                                                                      17.8MB

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs.js

                                                                                      Filesize

                                                                                      10KB

                                                                                      MD5

                                                                                      716880db59387f06c401bbd7fa05cf3a

                                                                                      SHA1

                                                                                      84ab18bebb8f4368f2f93deab88f036f9eac93c9

                                                                                      SHA256

                                                                                      1347e23c8634ad7bca93ada8ec11f2cefb253698eca552d13db6085cbea84b91

                                                                                      SHA512

                                                                                      2b2814565193c3bf4babc5155091d4775d0fe84adc21344da9fc4c2440bc0cade900fde3127de9bc7ccd7040333783b2e2c05c2030d65ec76c577760cc978a6a

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs.js

                                                                                      Filesize

                                                                                      10KB

                                                                                      MD5

                                                                                      7b2679d2c4b14a38f261af1771cdb6a7

                                                                                      SHA1

                                                                                      830d334ea02323b05dff5db8df9a3e7f435dd680

                                                                                      SHA256

                                                                                      6ce3a24355803b7691d458520df0e102816fa28dc5fccb319d2340eb7fc09564

                                                                                      SHA512

                                                                                      4ebfad587b27dda08d0283208810d8f7923ac882f55a5539700ce46cf9ba2bceaa770dde06db974c6a53c119f4030e6c0e52228faf2838b27b52909ff2ca3f44

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionstore-backups\recovery.baklz4

                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      25edd8829abde9242cce6d7ecbc3763e

                                                                                      SHA1

                                                                                      4ba77a5d8db40c0f22bacd1388f3a44bf331bffb

                                                                                      SHA256

                                                                                      8f3987cffca5dc67d876a281f71e665b79842942b51f5f3e9f78cb446bcaae61

                                                                                      SHA512

                                                                                      c10cbbc3e1d1f07a05677d534208887e1a55a7ee601c4affe88b258abd214cd06decb8bd71a4ac0d90e8c7a2aaaeffaa265588a6482524299a94c0b8777dc362

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionstore-backups\recovery.baklz4

                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      ca30ae3846642d3b502ee08092598f1c

                                                                                      SHA1

                                                                                      ee28636c5015d5b243f58de461b3595c17f1e353

                                                                                      SHA256

                                                                                      878335a8945c59cfa1d9503bdcc21d9ce3bed97e003d7a56f23ab1802a3229ed

                                                                                      SHA512

                                                                                      507b88e9c0d76cad661476f0ffde0cf9f0f94b51411018367cd6688c394b7552091c4174fdd62053e4c5520dee10a6c030624ec0c61e46b278c6c5fd7ef05c04

                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 193624.crdownload

                                                                                      Filesize

                                                                                      15KB

                                                                                      MD5

                                                                                      32b0f5410541e5056e4d21052884a006

                                                                                      SHA1

                                                                                      5791283093fbe7165b798c0c712f5f158f12d456

                                                                                      SHA256

                                                                                      69560d040883513aa2725fa3545a097cc9d475e6334c77306461ec080f223f5e

                                                                                      SHA512

                                                                                      5afeacfe27a81bb08c61e86e058e20b036b6fcc123dd421fad6db5f8489b2dcbc4333a45b8e2a56c9ef410aec5cb3bb4a76c742a225671b9d95fdcbd8eb45f2b

                                                                                    • C:\Users\Admin\Downloads\VisualStudioSetup.exe

                                                                                      Filesize

                                                                                      4.2MB

                                                                                      MD5

                                                                                      1ec10cd7aa279506e7d9327d64380868

                                                                                      SHA1

                                                                                      0683584299f46a88657a98885c1fb98a8c833c29

                                                                                      SHA256

                                                                                      551d3d8e084c85ead986298c9bb4adce88b5aea356f868bcb0ae985f185bdbe4

                                                                                      SHA512

                                                                                      4379329696416f87cc0b695af30a51bcb814f90ccc030e03c6f5c380e86ded4d7fceefc094a698d7ea52cd914282c2bb1196dca5673ab4487aba1846ff5bad89

                                                                                    • C:\Users\Admin\Downloads\VisualStudioSetup.exe:Zone.Identifier

                                                                                      Filesize

                                                                                      26B

                                                                                      MD5

                                                                                      fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                      SHA1

                                                                                      d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                      SHA256

                                                                                      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                      SHA512

                                                                                      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
