Overview

overview

10

Static

static

3

7618d939f6...6b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2024 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7618d939f65b49c0ad06e7c1a2e07cbde4177913f02b8b218f5fafb4302abd6b.exe

  • Size

    6.9MB

  • MD5

    265faad83894879c85002bd898d61cb3

  • SHA1

    1abc0df0563075b34f8062f7dcef2815a470483a

  • SHA256

    7618d939f65b49c0ad06e7c1a2e07cbde4177913f02b8b218f5fafb4302abd6b

  • SHA512

    270a3150d8dab00605a9e9518a81518340557169ab16e836909efef30c59afaf991413cf5caf22a5e7ec9a774f1baef3a97a15841af0b0cc14c1da67b2a611fb

  • SSDEEP

    196608:ZjOxUy7BUe44Vw1imYA4hyl6wKnfxAxTooNna:ZixXBs4O1iI4hyMwg4oOna

Score
10/10
amadeycryptbotgcleanerlummanetsupportstealcxmrig9c9aa5stokcredential_accessdiscoveryevasionloaderminerpersistenceprivilege_escalationratspywarestealertrojanupx

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://pollution-raker.cyou/api

https://hosue-billowy.cyou/api

https://ripe-blade.cyou/api

https://smash-boiling.cyou/api

https://supporse-comment.cyou/api

https://greywe-snotty.cyou/api

https://steppriflej.xyz/api

https://sendypaster.xyz/api

https://cuddlyready.xyz/api

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

cryptbot

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • Cryptbot family
    cryptbot
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Gcleaner family
    gcleaner
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • Netsupport family
    netsupport
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 14 IoCs
    evasion
  • XMRig Miner payload 2 IoCs
    miner
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 8 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 28 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 44 IoCs
  • Identifies Wine through registry keys 2 TTPs 14 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 16 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates processes with tasklist 1 TTPs 6 IoCs
    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 24 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 7 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Views/modifies file attributes 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    PID:3388
    • C:\Users\Admin\AppData\Local\Temp\7618d939f65b49c0ad06e7c1a2e07cbde4177913f02b8b218f5fafb4302abd6b.exe
      "C:\Users\Admin\AppData\Local\Temp\7618d939f65b49c0ad06e7c1a2e07cbde4177913f02b8b218f5fafb4302abd6b.exe"
      2⤵
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:848
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Z1K68.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Z1K68.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1580
        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v0g42.exe
          C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v0g42.exe
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1980
          • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1d52N9.exe
            C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1d52N9.exe
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Checks computer location settings
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:2888
            • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
              "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Checks computer location settings
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Adds Run key to start application
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:1956
              • C:\Users\Admin\AppData\Local\Temp\1020057001\SurveillanceWalls.exe
                "C:\Users\Admin\AppData\Local\Temp\1020057001\SurveillanceWalls.exe"
                7⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:3052
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:1560
                  • C:\Windows\SysWOW64\tasklist.exe
                    tasklist
                    9⤵
                    • Enumerates processes with tasklist
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of AdjustPrivilegeToken
                    PID:860
                  • C:\Windows\SysWOW64\findstr.exe
                    findstr /I "opssvc wrsa"
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:2880
                  • C:\Windows\SysWOW64\tasklist.exe
                    tasklist
                    9⤵
                    • Enumerates processes with tasklist
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of AdjustPrivilegeToken
                    PID:888
                  • C:\Windows\SysWOW64\findstr.exe
                    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                    9⤵
                      PID:996
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c md 370821
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:2492
                    • C:\Windows\SysWOW64\findstr.exe
                      findstr /V "Anchor" Veterinary
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:1752
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:3840
                    • C:\Users\Admin\AppData\Local\Temp\370821\Sale.com
                      Sale.com w
                      9⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:1080
                    • C:\Windows\SysWOW64\choice.exe
                      choice /d y /t 5
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:4316
                • C:\Users\Admin\AppData\Local\Temp\1020068001\O8FeZRE.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020068001\O8FeZRE.exe"
                  7⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:2620
                • C:\Users\Admin\AppData\Local\Temp\1020155001\1b55561233.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020155001\1b55561233.exe"
                  7⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:1076
                  • C:\Users\Public\Netstat\FuturreApp.exe
                    "C:\Users\Public\Netstat\FuturreApp.exe"
                    8⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    PID:3316
                • C:\Users\Admin\AppData\Local\Temp\1020221001\a355dcb28e.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020221001\a355dcb28e.exe"
                  7⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1752
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 1532
                    8⤵
                    • Program crash
                    PID:4556
                • C:\Users\Admin\AppData\Local\Temp\1020222001\08bc6e06f5.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020222001\08bc6e06f5.exe"
                  7⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:4488
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c copy Podcasts Podcasts.cmd & Podcasts.cmd
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:804
                    • C:\Windows\SysWOW64\tasklist.exe
                      tasklist
                      9⤵
                      • Enumerates processes with tasklist
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1072
                    • C:\Windows\SysWOW64\findstr.exe
                      findstr /I "opssvc wrsa"
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:1204
                    • C:\Windows\SysWOW64\tasklist.exe
                      tasklist
                      9⤵
                      • Enumerates processes with tasklist
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1576
                    • C:\Windows\SysWOW64\findstr.exe
                      findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:1436
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c md 99123
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:1752
                    • C:\Windows\SysWOW64\findstr.exe
                      findstr /V "follow" Traveller
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:3012
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c copy /b ..\Sky + ..\Images + ..\Similarly + ..\Mp + ..\Investigators + ..\Accompanying + ..\Provincial J
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:4764
                    • C:\Users\Admin\AppData\Local\Temp\99123\Laptops.com
                      Laptops.com J
                      9⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:2532
                    • C:\Windows\SysWOW64\choice.exe
                      choice /d y /t 5
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:2268
                • C:\Users\Admin\AppData\Local\Temp\1020223001\541738cf3b.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020223001\541738cf3b.exe"
                  7⤵
                  • Executes dropped EXE
                  • Adds Run key to start application
                  • Drops file in Program Files directory
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1816
                  • C:\Program Files\Windows Media Player\graph\graph.exe
                    "C:\Program Files\Windows Media Player\graph\graph.exe"
                    8⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2316
                • C:\Users\Admin\AppData\Local\Temp\1020224001\8457074956.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020224001\8457074956.exe"
                  7⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:1504
                • C:\Users\Admin\AppData\Local\Temp\1020225001\decafb5a88.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020225001\decafb5a88.exe"
                  7⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:2336
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:4224
                    • C:\Windows\SysWOW64\tasklist.exe
                      tasklist
                      9⤵
                      • Enumerates processes with tasklist
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3004
                    • C:\Windows\SysWOW64\findstr.exe
                      findstr /I "opssvc wrsa"
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:2888
                    • C:\Windows\SysWOW64\tasklist.exe
                      tasklist
                      9⤵
                      • Enumerates processes with tasklist
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4316
                    • C:\Windows\SysWOW64\findstr.exe
                      findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:4076
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c md 370821
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:4640
                    • C:\Windows\SysWOW64\findstr.exe
                      findstr /V "Anchor" Veterinary
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:228
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:1276
                    • C:\Users\Admin\AppData\Local\Temp\370821\Sale.com
                      Sale.com w
                      9⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:4516
                    • C:\Windows\SysWOW64\choice.exe
                      choice /d y /t 5
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:4600
                • C:\Users\Admin\AppData\Local\Temp\1020226001\eda1db6a74.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020226001\eda1db6a74.exe"
                  7⤵
                  • Executes dropped EXE
                  • Suspicious use of SetThreadContext
                  • System Location Discovery: System Language Discovery
                  PID:1096
                  • C:\Users\Admin\AppData\Local\Temp\1020226001\eda1db6a74.exe
                    "C:\Users\Admin\AppData\Local\Temp\1020226001\eda1db6a74.exe"
                    8⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:2516
                • C:\Users\Admin\AppData\Local\Temp\1020227001\7bxDRZV.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020227001\7bxDRZV.exe"
                  7⤵
                  • Executes dropped EXE
                  PID:1696
                • C:\Users\Admin\AppData\Local\Temp\1020228001\c2893b0348.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020228001\c2893b0348.exe"
                  7⤵
                  • Enumerates VirtualBox registry keys
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  PID:2492
                • C:\Users\Admin\AppData\Local\Temp\1020229001\03e6d93a44.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020229001\03e6d93a44.exe"
                  7⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  PID:1080
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 1784
                    8⤵
                    • Program crash
                    PID:6164
                • C:\Users\Admin\AppData\Local\Temp\1020230001\3b36668f47.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020230001\3b36668f47.exe"
                  7⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  PID:2584
                • C:\Users\Admin\AppData\Local\Temp\1020231001\8ef4b99307.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020231001\8ef4b99307.exe"
                  7⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:4240
                • C:\Users\Admin\AppData\Local\Temp\1020232001\d56c8b5a32.exe
                  "C:\Users\Admin\AppData\Local\Temp\1020232001\d56c8b5a32.exe"
                  7⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:3652
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
                    8⤵
                      PID:4432
                      • C:\Windows\system32\mode.com
                        mode 65,10
                        9⤵
                          PID:4896
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4456
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e extracted/file_7.zip -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:848
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e extracted/file_6.zip -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1364
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e extracted/file_5.zip -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4188
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e extracted/file_4.zip -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3132
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e extracted/file_3.zip -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3536
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e extracted/file_2.zip -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4800
                        • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                          7z.exe e extracted/file_1.zip -oextracted
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2888
                        • C:\Windows\system32\attrib.exe
                          attrib +H "in.exe"
                          9⤵
                          • Views/modifies file attributes
                          PID:4056
                        • C:\Users\Admin\AppData\Local\Temp\main\in.exe
                          "in.exe"
                          9⤵
                          • Executes dropped EXE
                          PID:4640
                          • C:\Windows\SYSTEM32\attrib.exe
                            attrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                            10⤵
                            • Views/modifies file attributes
                            PID:412
                          • C:\Windows\SYSTEM32\attrib.exe
                            attrib +H C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                            10⤵
                            • Views/modifies file attributes
                            PID:724
                          • C:\Windows\SYSTEM32\schtasks.exe
                            schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
                            10⤵
                            • Scheduled Task/Job: Scheduled Task
                            PID:2328
                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            powershell ping 127.0.0.1; del in.exe
                            10⤵
                            • System Network Configuration Discovery: Internet Connection Discovery
                            • Suspicious use of AdjustPrivilegeToken
                            PID:1712
                            • C:\Windows\system32\PING.EXE
                              "C:\Windows\system32\PING.EXE" 127.0.0.1
                              11⤵
                              • System Network Configuration Discovery: Internet Connection Discovery
                              • Runs ping.exe
                              PID:3900
                    • C:\Users\Admin\AppData\Local\Temp\1020233001\348b63852b.exe
                      "C:\Users\Admin\AppData\Local\Temp\1020233001\348b63852b.exe"
                      7⤵
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      PID:1752
                    • C:\Users\Admin\AppData\Local\Temp\1020234001\9a7a5f90b9.exe
                      "C:\Users\Admin\AppData\Local\Temp\1020234001\9a7a5f90b9.exe"
                      7⤵
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      PID:3560
                    • C:\Users\Admin\AppData\Local\Temp\1020235001\666a4bd974.exe
                      "C:\Users\Admin\AppData\Local\Temp\1020235001\666a4bd974.exe"
                      7⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:4144
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /F /IM firefox.exe /T
                        8⤵
                        • System Location Discovery: System Language Discovery
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2888
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /F /IM chrome.exe /T
                        8⤵
                        • System Location Discovery: System Language Discovery
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1608
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /F /IM msedge.exe /T
                        8⤵
                        • System Location Discovery: System Language Discovery
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:392
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /F /IM opera.exe /T
                        8⤵
                        • System Location Discovery: System Language Discovery
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:4252
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /F /IM brave.exe /T
                        8⤵
                        • System Location Discovery: System Language Discovery
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:4596
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                        8⤵
                          PID:348
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                            9⤵
                            • Checks processor information in registry
                            • Modifies registry class
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of SetWindowsHookEx
                            PID:1456
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4ef713a-d1e1-4a03-b32d-004f4d86001e} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" gpu
                              10⤵
                                PID:2056
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2484 -parentBuildID 20240401114208 -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f68f6183-3b05-427b-9ec0-170d11cca5e7} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" socket
                                10⤵
                                  PID:888
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2696 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7decc3a2-1c95-4c43-82b4-e3e84be024d0} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" tab
                                  10⤵
                                    PID:2256
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3784 -childID 2 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {067465fb-500c-4677-b3b4-323f2a77f95e} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" tab
                                    10⤵
                                      PID:3872
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4476 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4340 -prefMapHandle 4452 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c21d6de-c38d-4573-9460-a44394f874e0} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" utility
                                      10⤵
                                      • Checks processor information in registry
                                      PID:6628
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 3 -isForBrowser -prefsHandle 5184 -prefMapHandle 5168 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f232a2a0-7368-4411-b8dd-4d337fd30b81} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" tab
                                      10⤵
                                        PID:2720
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5312 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea9dae54-bb1f-4c06-876e-f9a445a53c4b} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" tab
                                        10⤵
                                          PID:224
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5324 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d6cf018-32c6-43ad-91cd-4b24194a495e} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" tab
                                          10⤵
                                            PID:5144
                                • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2z9698.exe
                                  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2z9698.exe
                                  5⤵
                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                  • Checks BIOS information in registry
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:680
                              • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3x96j.exe
                                C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3x96j.exe
                                4⤵
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Identifies Wine through registry keys
                                • Loads dropped DLL
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • System Location Discovery: System Language Discovery
                                • Checks processor information in registry
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of WriteProcessMemory
                                PID:4448
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                  5⤵
                                  • Uses browser remote debugging
                                  • Enumerates system info in registry
                                  • Modifies data under HKEY_USERS
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of WriteProcessMemory
                                  PID:2260
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd3a0cc40,0x7ffdd3a0cc4c,0x7ffdd3a0cc58
                                    6⤵
                                      PID:1276
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:2
                                      6⤵
                                        PID:1892
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
                                        6⤵
                                          PID:4468
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
                                          6⤵
                                            PID:1072
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3232,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
                                            6⤵
                                            • Uses browser remote debugging
                                            PID:1428
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3472,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3484 /prefetch:1
                                            6⤵
                                            • Uses browser remote debugging
                                            PID:3796
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
                                            6⤵
                                            • Uses browser remote debugging
                                            PID:2608
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
                                            6⤵
                                              PID:4328
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
                                              6⤵
                                                PID:1296
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
                                                6⤵
                                                  PID:4824
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
                                                  6⤵
                                                    PID:1840
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8
                                                    6⤵
                                                      PID:3856
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5304,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
                                                      6⤵
                                                        PID:3932
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5296,i,11228392473069681776,139470405130572827,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:2
                                                        6⤵
                                                        • Uses browser remote debugging
                                                        PID:4224
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                                                      5⤵
                                                      • Uses browser remote debugging
                                                      • Enumerates system info in registry
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:4440
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdd3a146f8,0x7ffdd3a14708,0x7ffdd3a14718
                                                        6⤵
                                                        • Checks processor information in registry
                                                        • Enumerates system info in registry
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5056
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
                                                        6⤵
                                                          PID:1508
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
                                                          6⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2492
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2520 /prefetch:2
                                                          6⤵
                                                            PID:4588
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 /prefetch:8
                                                            6⤵
                                                              PID:1300
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2900 /prefetch:2
                                                              6⤵
                                                                PID:4480
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3252 /prefetch:2
                                                                6⤵
                                                                  PID:4244
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2752 /prefetch:2
                                                                  6⤵
                                                                    PID:4380
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
                                                                    6⤵
                                                                    • Uses browser remote debugging
                                                                    PID:4768
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                                                                    6⤵
                                                                    • Uses browser remote debugging
                                                                    PID:4764
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2764 /prefetch:2
                                                                    6⤵
                                                                      PID:4372
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3184 /prefetch:2
                                                                      6⤵
                                                                        PID:4416
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3256 /prefetch:2
                                                                        6⤵
                                                                          PID:2332
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,1477956323017324337,398429960464102305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3924 /prefetch:2
                                                                          6⤵
                                                                            PID:908
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\Documents\IIEHCFIDHI.exe"
                                                                          5⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:972
                                                                          • C:\Users\Admin\Documents\IIEHCFIDHI.exe
                                                                            "C:\Users\Admin\Documents\IIEHCFIDHI.exe"
                                                                            6⤵
                                                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                            • Checks BIOS information in registry
                                                                            • Executes dropped EXE
                                                                            • Identifies Wine through registry keys
                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:4744
                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4z424u.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4z424u.exe
                                                                      3⤵
                                                                      • Modifies Windows Defender Real-time Protection settings
                                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                      • Checks BIOS information in registry
                                                                      • Executes dropped EXE
                                                                      • Identifies Wine through registry keys
                                                                      • Windows security modification
                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:3060
                                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                  1⤵
                                                                    PID:3872
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                    1⤵
                                                                      PID:936
                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 1752 -ip 1752
                                                                      1⤵
                                                                        PID:4948
                                                                      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:4188
                                                                      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        PID:2176
                                                                      • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                        C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                        1⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetThreadContext
                                                                        PID:1164
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          2⤵
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:3172
                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                          powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
                                                                          2⤵
                                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:6384
                                                                          • C:\Windows\system32\PING.EXE
                                                                            "C:\Windows\system32\PING.EXE" 127.1.10.1
                                                                            3⤵
                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                            • Runs ping.exe
                                                                            PID:6604
                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1080 -ip 1080
                                                                        1⤵
                                                                          PID:5916

                                                                        Network

                                                                        MITRE ATT&CK Enterprise v15

                                                                        Reconnaissance

                                                                        Resource Development

                                                                        Initial Access

                                                                        Execution

                                                                        Scheduled Task/Job

                                                                        1
                                                                        T1053

                                                                        Scheduled Task

                                                                        1
                                                                        T1053.005

                                                                        Persistence

                                                                        Boot or Logon Autostart Execution

                                                                        1
                                                                        T1547

                                                                        Registry Run Keys / Startup Folder

                                                                        1
                                                                        T1547.001

                                                                        Create or Modify System Process

                                                                        1
                                                                        T1543

                                                                        Windows Service

                                                                        1
                                                                        T1543.003

                                                                        Event Triggered Execution

                                                                        1
                                                                        T1546

                                                                        Component Object Model Hijacking

                                                                        1
                                                                        T1546.015

                                                                        Modify Authentication Process

                                                                        1
                                                                        T1556

                                                                        Scheduled Task/Job

                                                                        1
                                                                        T1053

                                                                        Scheduled Task

                                                                        1
                                                                        T1053.005

                                                                        Privilege Escalation

                                                                        Boot or Logon Autostart Execution

                                                                        1
                                                                        T1547

                                                                        Registry Run Keys / Startup Folder

                                                                        1
                                                                        T1547.001

                                                                        Create or Modify System Process

                                                                        1
                                                                        T1543

                                                                        Windows Service

                                                                        1
                                                                        T1543.003

                                                                        Event Triggered Execution

                                                                        1
                                                                        T1546

                                                                        Component Object Model Hijacking

                                                                        1
                                                                        T1546.015

                                                                        Scheduled Task/Job

                                                                        1
                                                                        T1053

                                                                        Scheduled Task

                                                                        1
                                                                        T1053.005

                                                                        Defense Evasion

                                                                        Hide Artifacts

                                                                        1
                                                                        T1564

                                                                        Hidden Files and Directories

                                                                        1
                                                                        T1564.001

                                                                        Impair Defenses

                                                                        2
                                                                        T1562

                                                                        Disable or Modify Tools

                                                                        2
                                                                        T1562.001

                                                                        Modify Authentication Process

                                                                        1
                                                                        T1556

                                                                        Modify Registry

                                                                        3
                                                                        T1112

                                                                        Virtualization/Sandbox Evasion

                                                                        3
                                                                        T1497

                                                                        Credential Access

                                                                        Credentials from Password Stores

                                                                        1
                                                                        T1555

                                                                        Credentials from Web Browsers

                                                                        1
                                                                        T1555.003

                                                                        Modify Authentication Process

                                                                        1
                                                                        T1556

                                                                        Steal Web Session Cookie

                                                                        1
                                                                        T1539

                                                                        Unsecured Credentials

                                                                        4
                                                                        T1552

                                                                        Credentials In Files

                                                                        4
                                                                        T1552.001

                                                                        Discovery

                                                                        Browser Information Discovery

                                                                        1
                                                                        T1217

                                                                        Process Discovery

                                                                        1
                                                                        T1057

                                                                        Query Registry

                                                                        9
                                                                        T1012

                                                                        Remote System Discovery

                                                                        1
                                                                        T1018

                                                                        System Information Discovery

                                                                        5
                                                                        T1082

                                                                        System Location Discovery

                                                                        1
                                                                        T1614

                                                                        System Language Discovery

                                                                        1
                                                                        T1614.001

                                                                        System Network Configuration Discovery

                                                                        1
                                                                        T1016

                                                                        Internet Connection Discovery

                                                                        1
                                                                        T1016.001

                                                                        Virtualization/Sandbox Evasion

                                                                        3
                                                                        T1497

                                                                        Lateral Movement

                                                                        Collection

                                                                        Data from Local System

                                                                        3
                                                                        T1005

                                                                        Command and Control

                                                                        Web Service

                                                                        1
                                                                        T1102

                                                                        Exfiltration

                                                                        Impact

                                                                        Replay Monitor

                                                                        Loading Replay Monitor...

                                                                        Downloads

                                                                        • C:\ProgramData\mozglue.dll
                                                                          Filesize

                                                                          593KB

                                                                          MD5

                                                                          c8fd9be83bc728cc04beffafc2907fe9

                                                                          SHA1

                                                                          95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                          SHA256

                                                                          ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                          SHA512

                                                                          fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                          Filesize

                                                                          649B

                                                                          MD5

                                                                          b409455c78b06ac1184d27734873797e

                                                                          SHA1

                                                                          a88e693cc61b139aa0fbe4887537d025afc9787d

                                                                          SHA256

                                                                          784e33033a2350b489b5ff43a4fa76d4d11cc5551c351b7add5abbf0458b912b

                                                                          SHA512

                                                                          41c5a761ce56878e9f30625c4934458cc8cd6ccb39763e9028548a281aec8a5965dc823b6624565389c7f8625d2453b035780913ba24776e1a19d944acd90746

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
                                                                          Filesize

                                                                          851B

                                                                          MD5

                                                                          07ffbe5f24ca348723ff8c6c488abfb8

                                                                          SHA1

                                                                          6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                          SHA256

                                                                          6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                          SHA512

                                                                          7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
                                                                          Filesize

                                                                          854B

                                                                          MD5

                                                                          4ec1df2da46182103d2ffc3b92d20ca5

                                                                          SHA1

                                                                          fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                          SHA256

                                                                          6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                          SHA512

                                                                          939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                          Filesize

                                                                          2B

                                                                          MD5

                                                                          d751713988987e9331980363e24189ce

                                                                          SHA1

                                                                          97d170e1550eee4afc0af065b78cda302a97674c

                                                                          SHA256

                                                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                          SHA512

                                                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                          Filesize

                                                                          150B

                                                                          MD5

                                                                          814c0dcbc4e72f55a76e233b4083192c

                                                                          SHA1

                                                                          bdf5f616e626567bb314f48c6d83d44d0cab14b1

                                                                          SHA256

                                                                          2b51668c6ef78ddcac7ff492838e65eb3441437d2c7f45cbb6fe3c03b17d7a0d

                                                                          SHA512

                                                                          554ae8e40f59fb5faaabdc87972ae376fff01114f6e939632b3e384de8c75e0d9424ba034e010a6c9183f77c0d944e5473c02d55e68075ddd422fdd5985fdaba

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b09ca03e-317b-4460-8da5-64a9f86a1b43.dmp
                                                                          Filesize

                                                                          10.4MB

                                                                          MD5

                                                                          a3c20441ccf171db9ba0491b141c2391

                                                                          SHA1

                                                                          13721e677603eea66eccbd2ffa558fd978eeaa49

                                                                          SHA256

                                                                          e3d4df13cfbb19ddcbb384dba2a4efb08e3bc1c26ee67efd1cdd5026e27b350a

                                                                          SHA512

                                                                          30cccc093d5f80bb69ee4c6ea2b589c86a533e30fb5f53681306e3bd8ca964f4a9738b5e8f426038ab6aceb4e7447b0e6d851758afb85e5dd3bc1dd1ab5c6238

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          37f660dd4b6ddf23bc37f5c823d1c33a

                                                                          SHA1

                                                                          1c35538aa307a3e09d15519df6ace99674ae428b

                                                                          SHA256

                                                                          4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

                                                                          SHA512

                                                                          807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          d7cb450b1315c63b1d5d89d98ba22da5

                                                                          SHA1

                                                                          694005cd9e1a4c54e0b83d0598a8a0c089df1556

                                                                          SHA256

                                                                          38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

                                                                          SHA512

                                                                          df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5feb9d64-f700-4e80-b0ee-0106904d6c24.tmp
                                                                          Filesize

                                                                          1B

                                                                          MD5

                                                                          5058f1af8388633f609cadb75a75dc9d

                                                                          SHA1

                                                                          3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                          SHA256

                                                                          cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                          SHA512

                                                                          0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                          Filesize

                                                                          5KB

                                                                          MD5

                                                                          59ba959e268385686e5dd972b0443b28

                                                                          SHA1

                                                                          15898d865ea53bfdcb893bf0cefdabc021c382b0

                                                                          SHA256

                                                                          60359ed269d684183abfca501f12ae8c0a749f033bb26477f185bdd4713c7ce4

                                                                          SHA512

                                                                          9bb1885dbc16ad0dbb4e8022a910fa1afbd2ab5d06453542fc609d1e51215960cd4623facf443d7d0d6a39f09738313b328d630304c4c11264d0559b2ad03fc9

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                          Filesize

                                                                          264KB

                                                                          MD5

                                                                          f50f89a0a91564d0b8a211f8921aa7de

                                                                          SHA1

                                                                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                          SHA256

                                                                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                          SHA512

                                                                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EFY08QA2\download[1].htm
                                                                          Filesize

                                                                          1B

                                                                          MD5

                                                                          cfcd208495d565ef66e7dff9f98764da

                                                                          SHA1

                                                                          b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                                                                          SHA256

                                                                          5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                                                                          SHA512

                                                                          31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json
                                                                          Filesize

                                                                          19KB

                                                                          MD5

                                                                          ec7e538f0862d8dc8e17a5e93573749e

                                                                          SHA1

                                                                          a59b145bc16c36d552d3cddf17dc0182b3f4aa51

                                                                          SHA256

                                                                          e85f0eb20f535299eb57f9247750f87f371c3fa8ee1cb95c3405fb049b395978

                                                                          SHA512

                                                                          7fb87a71b4c4dcb1fc89cef61a20266ca427e067d5f54be636f76cb2adcdf8e4e84998bc533a772ffe0b01124c5ee08ab3dafb109dc6fb71e7a0825a85d64a2c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31
                                                                          Filesize

                                                                          13KB

                                                                          MD5

                                                                          341ffd64596ba35d10d8d58eab5148dc

                                                                          SHA1

                                                                          911ae6668661a91697585ed9f0b93f70dac2065f

                                                                          SHA256

                                                                          23bf63992b22af10b6f8abb90f41a445bb9b986141abb189a602ba5fca4f7153

                                                                          SHA512

                                                                          7d64ff93040ce33cde1fd3c91dceb44e871f83b40e58f065d79102bf0f21aaf5db338a45254e9d67abfece1663fa5b1e9ed7532fe85c0cc1cd02a3177e489f7b

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                                                                          Filesize

                                                                          15KB

                                                                          MD5

                                                                          96c542dec016d9ec1ecc4dddfcbaac66

                                                                          SHA1

                                                                          6199f7648bb744efa58acf7b96fee85d938389e4

                                                                          SHA256

                                                                          7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                                                                          SHA512

                                                                          cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020057001\SurveillanceWalls.exe
                                                                          Filesize

                                                                          1.2MB

                                                                          MD5

                                                                          5a909c9769920208ed3d4d7279f08de5

                                                                          SHA1

                                                                          656f447088626150e252cbf7df6f8cd0de596fa0

                                                                          SHA256

                                                                          5f2c26e780639a76f10c549e7dea1421c4f06093c1facbf4dd8cf0a8b2fee8cb

                                                                          SHA512

                                                                          c6038048bd09c8f704246a6ba176ea63b1c8d23f2e127600c50bac50f3032c1b751ea8e405a2fe1ea707f75f21cf6516447345a84751bc677d94874d4b91090b

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020068001\O8FeZRE.exe
                                                                          Filesize

                                                                          295KB

                                                                          MD5

                                                                          ef9b9ffab9d91e590c6bda0280686d52

                                                                          SHA1

                                                                          bcbdca605606f483e76ae821b7bf81ca3e1b529a

                                                                          SHA256

                                                                          1345ad4c782c91049a16ec9f01b04bfc83a4f0e1e259cfed2b535f8ec6b75590

                                                                          SHA512

                                                                          3b362b306ba8357ac2eecd7354799e203d42fdee849584b26ee2c4c7b2c632c64558fd84f22c1dff35957f6950e333d005a225a54bdab4b3f53812041ea6345c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020155001\1b55561233.exe
                                                                          Filesize

                                                                          2.0MB

                                                                          MD5

                                                                          e5f8753995c0b30b827aa2b17f3e1d22

                                                                          SHA1

                                                                          b268ee165073321cb893fc6dc682adbe38af87b5

                                                                          SHA256

                                                                          c3a4ec523039d5969745279b8909fbb82bfc999d9241e24b5cefea23a3f2c04f

                                                                          SHA512

                                                                          dba6104720c45c3201878c515dac487b0f66522e85db56cf19b4378d4da94d38e640eb48259a6ca3fd8602b083283915bdebdc8bb57039f1cdd2fe84792ba2fa

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020221001\a355dcb28e.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          15709eba2afaf7cc0a86ce0abf8e53f1

                                                                          SHA1

                                                                          238ebf0d386ecf0e56d0ddb60faca0ea61939bb6

                                                                          SHA256

                                                                          10bff40a9d960d0be3cc81b074a748764d7871208f324de26d365b1f8ea3935a

                                                                          SHA512

                                                                          65edefa20f0bb35bee837951ccd427b94a18528c6e84de222b1aa0af380135491bb29a049009f77e66fcd2abe5376a831d98e39055e1042ccee889321b96e8e9

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020222001\08bc6e06f5.exe
                                                                          Filesize

                                                                          1017KB

                                                                          MD5

                                                                          af97661ca877fa1c644ead6567388945

                                                                          SHA1

                                                                          6ecb6d1a317e72a39a88f86c1f47b4e00427b8fc

                                                                          SHA256

                                                                          f88e4323299b2af453ce04ef6f5dc55b753d9210d7e598a0085bf3c21a5a4f0a

                                                                          SHA512

                                                                          9f99c8f1f4c343fc920146dd3c8d130d724b838a80ed2b4514172bbdfea2e5bc98fd27d42a2748cfec73a5680861bcf170c70ae9e45a2fed86ad6ec621899713

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020223001\541738cf3b.exe
                                                                          Filesize

                                                                          591KB

                                                                          MD5

                                                                          3567cb15156760b2f111512ffdbc1451

                                                                          SHA1

                                                                          2fdb1f235fc5a9a32477dab4220ece5fda1539d4

                                                                          SHA256

                                                                          0285d3a6c1ca2e3a993491c44e9cf2d33dbec0fb85fdbf48989a4e3b14b37630

                                                                          SHA512

                                                                          e7a31b016417218387a4702e525d33dd4fe496557539b2ab173cec0cb92052c750cfc4b3e7f02f3c66ac23f19a0c8a4eb6c9d2b590a5e9faeb525e517bc877ba

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020224001\8457074956.exe
                                                                          Filesize

                                                                          2.5MB

                                                                          MD5

                                                                          87330f1877c33a5a6203c49075223b16

                                                                          SHA1

                                                                          55b64ee8b2d1302581ab1978e9588191e4e62f81

                                                                          SHA256

                                                                          98f2344ed45ff0464769e5b006bf0e831dc3834f0534a23339bb703e50db17e0

                                                                          SHA512

                                                                          7c747d3edb04e4e71dce7efa33f5944a191896574fee5227316739a83d423936a523df12f925ee9b460cce23b49271f549c1ee5d77b50a7d7c6e3f31ba120c8f

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020226001\eda1db6a74.exe
                                                                          Filesize

                                                                          758KB

                                                                          MD5

                                                                          afd936e441bf5cbdb858e96833cc6ed3

                                                                          SHA1

                                                                          3491edd8c7caf9ae169e21fb58bccd29d95aefef

                                                                          SHA256

                                                                          c6491d7a6d70c7c51baca7436464667b4894e4989fa7c5e05068dde4699e1cbf

                                                                          SHA512

                                                                          928c15a1eda602b2a66a53734f3f563ab9626882104e30ee2bf5106cfd6e08ec54f96e3063f1ab89bf13be2c8822a8419f5d8ee0a3583a4c479785226051a325

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020227001\7bxDRZV.exe
                                                                          Filesize

                                                                          2.2MB

                                                                          MD5

                                                                          f0389b89fc65d7c8cc98e40f1412796e

                                                                          SHA1

                                                                          7ecd48c055f89880299a3b10ee45bd522b402f05

                                                                          SHA256

                                                                          cd6c119a7ae1dee28a0d68f136b76cd05ae3486ce47788aa77af5dc3d4a44798

                                                                          SHA512

                                                                          11a68183ae94e34d5fdce3175aeae90193b1b02056627be7bbd81739900cc295ae01a202832cc4da88691345f4248a04ce73fc447aaceb26296541dc712384b4

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020228001\c2893b0348.exe
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          10e8ef90835832169a076d05e774f142

                                                                          SHA1

                                                                          c51471d93ba9f63141f9c31d77ec8d856d4e0e56

                                                                          SHA256

                                                                          e0fe5fa47cd60c499a3c082fdb3a6fbfae1eb2637ac133a7ffa317c334c62735

                                                                          SHA512

                                                                          1ec9511b56bcf1f000f006cb522659787c7a10842f3febfc5b9afe86b425285ee1bd2e182f9bf1eefcf911de3236e8dfa5dc380b7cfd64bf0f4b6aa78fc81fe9

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020229001\03e6d93a44.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          b1a68753825e890e22168a4c73258001

                                                                          SHA1

                                                                          9e07d4b37c784755eac9593a78bac5e2d06a8204

                                                                          SHA256

                                                                          42965cf4d4b1610ff7006210ed48b2ed7d426cc43c13eae9dab916d62054c307

                                                                          SHA512

                                                                          cf74f1cc8a0cb2e1591dede7fb4bbc45523079dd7dc92cf9e73f2095505f52e821eb7b8de868f54bbecacf8396bfb125f6c43de26b556bdbd11e3076b33c71d1

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020230001\3b36668f47.exe
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          5fcf1c70847c8d629264384d6d6c8acf

                                                                          SHA1

                                                                          d9edad7806c30dd9b980d4705a0891339621cf7a

                                                                          SHA256

                                                                          e78ed16dc1488e89f074a3b7f92683910d50f3849c7e94531b13cccf5eface73

                                                                          SHA512

                                                                          5f317afdee88fadd924f2f3f3eb95226a627ccf8061357fe0a3fb7e2d8ace5da2bf5fc383038c2b191eea94a804e36611bcc2226b565955fa6e3d6f8510f4175

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020232001\d56c8b5a32.exe
                                                                          Filesize

                                                                          4.2MB

                                                                          MD5

                                                                          3a425626cbd40345f5b8dddd6b2b9efa

                                                                          SHA1

                                                                          7b50e108e293e54c15dce816552356f424eea97a

                                                                          SHA256

                                                                          ba9212d2d5cd6df5eb7933fb37c1b72a648974c1730bf5c32439987558f8e8b1

                                                                          SHA512

                                                                          a7538c6b7e17c35f053721308b8d6dc53a90e79930ff4ed5cffecaa97f4d0fbc5f9e8b59f1383d8f0699c8d4f1331f226af71d40325022d10b885606a72fe668

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020233001\348b63852b.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          bbd986316ac11a79363a8f2a60b13120

                                                                          SHA1

                                                                          dd849952d4bafa2858c26ba373778ca1e48eede5

                                                                          SHA256

                                                                          ca7c42d87b7c086ae91256bcba201e50c2dbd96892d4f66dcb7a4ef47c1002a6

                                                                          SHA512

                                                                          9870f1cf78e401024b45b0b98337de2db0d5d9fb54f152ddb3b5565bd6cbec362db1cdda2461f21556cd3d98e4b2b42aa0a00e20f698d8eef10897de046914b6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020234001\9a7a5f90b9.exe
                                                                          Filesize

                                                                          2.8MB

                                                                          MD5

                                                                          311bc9ee5151134ca3add8e9aa79cdce

                                                                          SHA1

                                                                          68d1de56f8e82e5e5f1ed3c1bc9ef3f1032c177d

                                                                          SHA256

                                                                          c229461bbc36e4cb5c4b0a5cfb6679d206310e97b7072cc223c933c8a24dd0ca

                                                                          SHA512

                                                                          9834ecda8cd9dc0afaaa81e6700a267df765171b449b3e2f1dae1c95b646f8897b8d9afcd42b716b6f4aaaade7234620d46ec9d87515786a312f966a13c9f1ab

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\1020235001\666a4bd974.exe
                                                                          Filesize

                                                                          947KB

                                                                          MD5

                                                                          cd890bf618fcdd089d1f1f8ad6af73cc

                                                                          SHA1

                                                                          f8abd9143067bebd97c5b075b51a3a6078a73f03

                                                                          SHA256

                                                                          5b5d805b830393f042b8f9a980cde179094cb1955aa857ffa5292f2d25428ada

                                                                          SHA512

                                                                          3c51ad5c9dc8ab1d893af9cc5095976c2de5eb2c3328afcecfa660bd60b43e46bafe1339f7b566ae529735cd6a59f50167643cb17c3061f2609f74fb7ebd4095

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\370821\Sale.com
                                                                          Filesize

                                                                          925KB

                                                                          MD5

                                                                          62d09f076e6e0240548c2f837536a46a

                                                                          SHA1

                                                                          26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

                                                                          SHA256

                                                                          1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

                                                                          SHA512

                                                                          32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\370821\w
                                                                          Filesize

                                                                          445KB

                                                                          MD5

                                                                          d02f356cc528bf6eaa89051942a0b1be

                                                                          SHA1

                                                                          dfecb4ae80274697f0d86e497cd566020ea23739

                                                                          SHA256

                                                                          5ed7e1f92a6bb08458ca99fdc83236095845f5939c6b9f7e423c6db70869b95c

                                                                          SHA512

                                                                          91ec78343e91db20edf97f39c293a5a8a45851c510ad6499c85b26738dfd9e918edda14e8710ece22d855d51d1417e722f19530ce3979e491c2b0dccb5198e57

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Aka
                                                                          Filesize

                                                                          42KB

                                                                          MD5

                                                                          14422967d2c4b9a9a8a90e398b24f500

                                                                          SHA1

                                                                          7031018af43bcc5550a8b0a55680596d693334dc

                                                                          SHA256

                                                                          93db8e88945b7de88e98a7c50d64bffa8b73c3b002c744c8d62c2eadf767cf6f

                                                                          SHA512

                                                                          4b5795f15774a7768a42aa3a2308b9366f47b30c92babf688a67d2abeca0037b63762f3e21154212dc5c8a31bcdd69f029e849e1d4def5676a04b64e2ae90c75

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Anybody
                                                                          Filesize

                                                                          121KB

                                                                          MD5

                                                                          c89fd1314a2184d5d7b4a66de377d5b2

                                                                          SHA1

                                                                          f0ebbc2c8c6f9ebadc6ace713aec1b06f3f841e8

                                                                          SHA256

                                                                          9d1e82e2e430b87b28867ff9745a74e53a128671e9d300f111b1904786c2f856

                                                                          SHA512

                                                                          4b0b16e99d0cacab0b7af1d65cbf9226988752d8fa020b955bf54c634d9d64a05bb036ef590fa0d852d513621a84f4c3dc3c341aa8feffdf350dd8a5dbc75778

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Campbell
                                                                          Filesize

                                                                          11KB

                                                                          MD5

                                                                          e7567ec4057933fa6e06322b7c08b72a

                                                                          SHA1

                                                                          4e733e77915c7dfb7d25e31738e9d596962d4177

                                                                          SHA256

                                                                          1896ef25a6223f19f770da125a4b1bc7c90815ccb682ec7ca780d231a01c28b0

                                                                          SHA512

                                                                          d8a14e5c8225ad8bdbb45317fd41588c12e9e60f1c9ff819d0d15cbc35801b82e7c7981b7dbc815666354950a7f5362fc00765f8a67c9478bd95dc5a31b12c83

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Conferencing
                                                                          Filesize

                                                                          130KB

                                                                          MD5

                                                                          638e7812c5e9c55c5f339cc64d197b28

                                                                          SHA1

                                                                          5ef8a953ef65ab7d0620a5d144f2c410e2a77a2f

                                                                          SHA256

                                                                          347a3459dd74aea0a6b2f62955d1bc9bdb091bb66ca8a42274f7ebf310527fd8

                                                                          SHA512

                                                                          194b0d8799a83210968746c4d3e364ee512669e6080c6b3d215d97c141e8ef7f09152ea524691efcd2276acb1dc158ffd484e3f595ddf2cceb690bd1996c8266

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Debug
                                                                          Filesize

                                                                          112KB

                                                                          MD5

                                                                          d9daf89d86b32df3d7da7ec1cfbf7212

                                                                          SHA1

                                                                          59e1ba3dd32168a3d79a9da2626c99c52970a53e

                                                                          SHA256

                                                                          06f48747a4acb2ee437d03a9e8331cca5c76ee5684e118f491e4faf7799adcc4

                                                                          SHA512

                                                                          24d26b6112417d75915f08562af53eb1bb7ddef2e89e779db52ae0f674ea8ce102984fa2628cee5588c7dc34df00a32497e49ee18f7259c51e4d1c855ab69a6c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Discs
                                                                          Filesize

                                                                          68KB

                                                                          MD5

                                                                          00646a2066d51d9790f52bae3c446c87

                                                                          SHA1

                                                                          ebda2b25b5a46cc6d9d5494050cc4b3a0bf81984

                                                                          SHA256

                                                                          57afab1cec987da27f5e92baa6dc21d83f8c83edf734fc590313102e75844c3a

                                                                          SHA512

                                                                          a74c02ed1b704912a8945e60cacc892f7e832e5cf15c87632b0fd3cbf9ddd8f36b01a5ba87fd7ef87d6becbb297161bb69dc750b8dac6f952892d45cd95f46f0

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Dod
                                                                          Filesize

                                                                          3KB

                                                                          MD5

                                                                          682d77b5a6d22691a869ab4bea11ad53

                                                                          SHA1

                                                                          f56fab8959a05c77570652f5f8e9e4103489e676

                                                                          SHA256

                                                                          c269725998f8f5acdab6a0067457065cc9059326ee0a38ff353c2939a0190c1b

                                                                          SHA512

                                                                          c42d04178ed59683fc4597b83496d7b3c61c1a075b4542abb491c9639531f9737d70ae4172186fd6a3450c26701d794496bd4ae0f5e50db8a3818cd78ed7fd27

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Ejaculation
                                                                          Filesize

                                                                          148KB

                                                                          MD5

                                                                          2e9e29f8ed97f2de8ebb1652bdbd545a

                                                                          SHA1

                                                                          5577d360b25daffa0af907fc5d852894b784f81d

                                                                          SHA256

                                                                          aeb399054cff321f752d4f93143815ff1a2cc2398668c2e1110065a2c6f502f1

                                                                          SHA512

                                                                          f4f925daf3f576441d2b7a0e250a51400b23e714d76870a640734912da783d83ac113586f121161d96d7f06eb70b8d89eb4e0524d591232b0b2a342063e8bcb6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Execution
                                                                          Filesize

                                                                          112KB

                                                                          MD5

                                                                          42fb34ddb94507c5a125bf02c2983904

                                                                          SHA1

                                                                          4e400c020121235e3de490f5cbb38c4a25e686dc

                                                                          SHA256

                                                                          d59efea25d1e316b8a9248f52081ab14113c97603f3e90d533f4f373f743b3c7

                                                                          SHA512

                                                                          639d90cd1cd451ebcb9e5e1c165f7eebb62b30d6bf24c596990ca40e08bce5d0b5864e7a4f0a83624c7cf9ac4ec5c1e7385f59602b206f3346554d62721cd71d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Genre
                                                                          Filesize

                                                                          88KB

                                                                          MD5

                                                                          5ce4409c4aaa9fd5a27ec4974734f1df

                                                                          SHA1

                                                                          bf7ee5465ef96ee0186388b5b0685ad727ed9493

                                                                          SHA256

                                                                          a401b4cd0afbaee57d8025bf4fce12583c825cbc2e3d3f308eb0627cd5bba412

                                                                          SHA512

                                                                          1155b1c58221ba1c809d9d60cd440ebd8788dcd3169ee87bda72fb7061b1e2f849f8bc79ac7053df5de8bc7955db088df778af66900d6f303bde6d61925014e6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Z1K68.exe
                                                                          Filesize

                                                                          5.1MB

                                                                          MD5

                                                                          02a74811f0e553e4bc5606e0e8a0ebc8

                                                                          SHA1

                                                                          b412d6e53d2f5112b9cbdf19444c2eb82b027eb5

                                                                          SHA256

                                                                          d04d93f7554e3b6b8a3229eaea3f13250a1eb2b601f1fa0bd9cb42a5f56b1d75

                                                                          SHA512

                                                                          d7a72679c89141282e1ad5adc6e5aedc88e25779928441f5383a3e9e2b48583c0b2df8c9564b5d29dc11e09d6325bc80cb45f1aae12eda9eef5f81a3b671d3dd

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3x96j.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          696ee1c9d08773339efe314269dcf7f5

                                                                          SHA1

                                                                          21bfb4fcb39ccc3969a0d07cf743b113d64a1c63

                                                                          SHA256

                                                                          57014fe84559fa166db76f925753b65e9b18fc6e175e7c6900b67b4487e6c519

                                                                          SHA512

                                                                          eb7b0ca0510d332c123c2cdd998e7c8af22f1922ff5f1f8075c8774a93e46268e7965d9ec763f45ad8cd70a0e649dd3041338c2638792a9552590f3922463e14

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v0g42.exe
                                                                          Filesize

                                                                          3.5MB

                                                                          MD5

                                                                          ee0fb3894d0062a808e5f2d083af6ee0

                                                                          SHA1

                                                                          44355f47fd82f2d6decc7a549e8272782e936f4a

                                                                          SHA256

                                                                          770e7f0f286139409effbec10d065e5dae3ba07ac0c8d0f5362f8e355faee4ab

                                                                          SHA512

                                                                          43edce7f283a50db481a3a784b4597c7adea2d332bc83462812011c0c7bbf6ad1016bd394ea864226ca8327c9c15805a431df591ef2a9124475dfae9765a7fe4

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1d52N9.exe
                                                                          Filesize

                                                                          2.9MB

                                                                          MD5

                                                                          b48526e3264a9ebf9ae221df76f8511e

                                                                          SHA1

                                                                          51141f95d23355a1891b88e470b2c9a3e44ba92e

                                                                          SHA256

                                                                          42ee113ccf756a8e8950cb81a36558e707f20f59aef11401ca08269cce065c0f

                                                                          SHA512

                                                                          ad26656d29e916e06d26de91f0da8703c1f677bd369196e282f6e1eec3a0baca504a564607b4e6f7d18b8ac350428aaff01e2f39ccc435715526daaae1a0e100

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2z9698.exe
                                                                          Filesize

                                                                          1.7MB

                                                                          MD5

                                                                          157a5af38553ccb117f6d278b2b046f0

                                                                          SHA1

                                                                          9793935e64772bb6fa3665d090fb7e9d448ad438

                                                                          SHA256

                                                                          a0d75064673f21a234d5556762f77ee96daad893e015824d7526cb965df0dd44

                                                                          SHA512

                                                                          0798f89180e91f76c357683f05cfe1103db048fdb4428f25417e141530275bb753aaf96cc5d16b5d9497878434cf05047b8e515a5a155d57e3e3b0005b7b66b6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Marijuana
                                                                          Filesize

                                                                          58KB

                                                                          MD5

                                                                          d830821fe60d6cd810fb9ec7102838f3

                                                                          SHA1

                                                                          9264b78903fa373e0a1b697cc056decc1dfafb5f

                                                                          SHA256

                                                                          00a96ac0e8600a9fa0a00ef1f939b58be93618c4fe4e3be9d0bfab0a4a0ff57d

                                                                          SHA512

                                                                          2a8e2bb9d599964ca112aacbb0fda37c01466898a7af5d7c8543013949b0bc6e5665402692a1072845b1a72211d350963c608a81a7c3450c19a56a948ced5d4d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Mj
                                                                          Filesize

                                                                          97KB

                                                                          MD5

                                                                          ff77a17e4cade79760f0f8b87c857c6c

                                                                          SHA1

                                                                          b05075d65229af0063e6e85da14ab940062818dd

                                                                          SHA256

                                                                          cc8a9523b67f764e447cd5042751e1de77b04ffc5664e6f5c41d1c3cce0ec60d

                                                                          SHA512

                                                                          6df97dcb14736d2f0ce9762b7246050b488e054375c78f42294119d80cacedcf53f4b3868b7a4c948dd7b1f9545b4135f5bd5ed69611424129cae63a372994d0

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Mysterious
                                                                          Filesize

                                                                          89KB

                                                                          MD5

                                                                          beef30c9a0c6a41985e081cd4ff23049

                                                                          SHA1

                                                                          4e09ffaf608baf3a98cd94794cb7cc23e41c3086

                                                                          SHA256

                                                                          fc64f325cdd473adb5b7c15221f7b2773a064395612eff9ad1c76fa973a6738a

                                                                          SHA512

                                                                          ec71cdb716b684b241a2fa2bca84cbced9aa86ba0954009dc003ef1f80640c01d49911ec6e031e9f8e8139d30bf5a77d7a79ee38f66b8fd43a6e4f957cb8e1ca

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Podcasts.cmd
                                                                          Filesize

                                                                          19KB

                                                                          MD5

                                                                          270e797dcc891238ecb4753b12ad9740

                                                                          SHA1

                                                                          2714eaaf585411ca91ee2ffb905d6271bfee6d9e

                                                                          SHA256

                                                                          2b87d3a5678436374f66000bc263763f35d1662b675f004b55002cb4f473a3d0

                                                                          SHA512

                                                                          409f2d91ea614e28a6a966cc52769bedd8786d1e655629da544d93a9d0547c8d151798f3f5010e11cd4308d58a419616dc35a4273df17afb94022a29f6f26a64

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Producing
                                                                          Filesize

                                                                          71KB

                                                                          MD5

                                                                          aa4d881ea35979e4eab13c982d3d0898

                                                                          SHA1

                                                                          cf301086d6e43e603571762fbc7d754f0246fb74

                                                                          SHA256

                                                                          31d85bebe7949c9b7b40af007fbbe61c8cd6c25f8e4fc7dcfe9b7dcd8a1d79e7

                                                                          SHA512

                                                                          f64491753f2cf57b72740ca91f10c2bd677219bc89bf86d2476a8567cf83955f986a481c92d19bef9c466438af97d071686ea2fc496c5e477c900568f129b5f6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Receiving
                                                                          Filesize

                                                                          61KB

                                                                          MD5

                                                                          8d5cf0056a8be7ca1485969fc23f72a5

                                                                          SHA1

                                                                          5727bc17cd958d06b1e7d52c8d38a761a1ae2bf2

                                                                          SHA256

                                                                          bd1b00dea1cddb3345443a35ae3b71883443722edbb48016f829ac500f5f505b

                                                                          SHA512

                                                                          b0f5fb69a565fc9690f307175c606ce9f9484bc309ac00b8a359cb6b77d19a938052ec584919a256fdb7c0b1557e155b414090b771432acb9419102f794b61ec

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Solely
                                                                          Filesize

                                                                          105KB

                                                                          MD5

                                                                          2fadd2bf6f3cdc055416baa1528652e9

                                                                          SHA1

                                                                          342d96c7ce7b431e76c15c9a7386c2a75e3dc511

                                                                          SHA256

                                                                          8df18d17c715e689b9cb222beb699120b592464460fd407dbb14f59ccec5fdb3

                                                                          SHA512

                                                                          08bc19703dad1441e1da8fb011c42241a4c90d8355575b7f41d465e3e84d797ecac7d6bf9af6163e6f4ef506cd98561f62d06446f861aeba2d7644beb7f6abb8

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Sunrise
                                                                          Filesize

                                                                          62KB

                                                                          MD5

                                                                          9e4fe1f2538c08f75ae16a3e349c9ef2

                                                                          SHA1

                                                                          559879228568b2f405400b34dfb19e59f139fa2c

                                                                          SHA256

                                                                          22ce756672aca3a4ba015903b4c36e7667e15c73157759e5a2212e7d4e727cc0

                                                                          SHA512

                                                                          a1f6bf183c590cc62000dddb0fea63bae2bdc30fce8ebfa24286b9fb8b2415c67b2363f739d36b32cc7b477e608397efbe45173173aa3f27ed44e9b75448b9ec

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\Veterinary
                                                                          Filesize

                                                                          2KB

                                                                          MD5

                                                                          6f07c56590cb57e03b68f9e2f994390c

                                                                          SHA1

                                                                          aee254034b1f3394a97304c8dfbae1911440e2c0

                                                                          SHA256

                                                                          1772cfd25c5deb74dacc6fc88aa8793a74c89a81452b27e886ca49557ba32d84

                                                                          SHA512

                                                                          0af18e6d07c161a5088cec9a56654c9f661ac003f0e22b68b6dbfe2920bb344f4d9a1326c261957c2309bb44dcb39453630f33068a057a1a6c2960edfbd39001

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_54nlhiku.nlz.ps1
                                                                          Filesize

                                                                          60B

                                                                          MD5

                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                          SHA1

                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                          SHA256

                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                          SHA512

                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir2260_1349793805\84a458b0-aa6f-45f1-8ec0-fbfc5582f2fa.tmp
                                                                          Filesize

                                                                          150KB

                                                                          MD5

                                                                          14937b985303ecce4196154a24fc369a

                                                                          SHA1

                                                                          ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                                                          SHA256

                                                                          71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                                                          SHA512

                                                                          1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir2260_1349793805\CRX_INSTALL\_locales\en\messages.json
                                                                          Filesize

                                                                          711B

                                                                          MD5

                                                                          558659936250e03cc14b60ebf648aa09

                                                                          SHA1

                                                                          32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                          SHA256

                                                                          2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                          SHA512

                                                                          1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                          Filesize

                                                                          479KB

                                                                          MD5

                                                                          09372174e83dbbf696ee732fd2e875bb

                                                                          SHA1

                                                                          ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                          SHA256

                                                                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                          SHA512

                                                                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
                                                                          Filesize

                                                                          6KB

                                                                          MD5

                                                                          5a33f32c8501e6e450ac29a5369e84de

                                                                          SHA1

                                                                          4e2649d09cbe05b8d2d84dee320b8d91d5ed8ee6

                                                                          SHA256

                                                                          d1c3f97d9a724fe167b90b1ce2280be4d7b2a376b007df7ce15aa607d9875903

                                                                          SHA512

                                                                          6eebce71c4b352c97ec34587d084d024eb9028c09a548314e762d8e8c0802d1775c6161b2204a832873c8fb136920edb2201741cf4607553455eda2dc0dc487e

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
                                                                          Filesize

                                                                          10KB

                                                                          MD5

                                                                          a86d97df1a00996d3dc156fc9929203d

                                                                          SHA1

                                                                          db3e193c635037e83842e113fd677053d8720e5a

                                                                          SHA256

                                                                          597fb50a07898fb4b9e9df74739c122ec720b5820e10cc83091d1800976099d1

                                                                          SHA512

                                                                          e03fec1e45d0b73362c3c754490d1f3ae3f664a000ee2b5ea7bfd877181e450e943c909d66f81e04378ee4db72503bf0465aca6f59a938fc10cc532212c48770

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
                                                                          Filesize

                                                                          10KB

                                                                          MD5

                                                                          c6a02506b4b61cd73ff943825610f98d

                                                                          SHA1

                                                                          be8598bec2b6eeefe5497e0fa7a6d38253fc8cd2

                                                                          SHA256

                                                                          c37701fa1950f28a541994d5a5983b63de5c60b00a61a5b39999dbac24b03926

                                                                          SHA512

                                                                          2f51051ea405c5620d3652a60888e730da5e89cd8e4dcbbb987d201c2fe9547179e7623a19de310904d1864dc876d0d849d6507fd7c8a7b6cd93c89aab32da45

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin
                                                                          Filesize

                                                                          23KB

                                                                          MD5

                                                                          f85093bb868c0aa6ebefc797b72e8a6d

                                                                          SHA1

                                                                          698b7cd526b6f527a3956f47ba5f928f620c142c

                                                                          SHA256

                                                                          a1d83be95d557c0212205e5d862763fdc9149603283294ae67c743e0efc60ed4

                                                                          SHA512

                                                                          1f45b9df230f37c539f21a98235d6bec3f28ee3b18dd6218df366c2db086e6baca1dafed9d7d4c219bef20363191a3c521ee7e9361aaed5ba005bbf928ce8ff3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin
                                                                          Filesize

                                                                          15KB

                                                                          MD5

                                                                          ec77023c0269b52e896c080d89a3027a

                                                                          SHA1

                                                                          225fa029853dc3d26c0e1c43dccf2bb814030a14

                                                                          SHA256

                                                                          2667c4794f8d0b8caba6eadab813e314e14ec88fb502234fc8893f0b8bf5f43a

                                                                          SHA512

                                                                          e32b2db65b707d5edfdeae9fd4f80425011fe93189b71a6a8e0429cc33113f476d1386168e5c7b7add8c64dd8f6dc1a2a412d1f811b35149294c2e688b150858

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin
                                                                          Filesize

                                                                          5KB

                                                                          MD5

                                                                          79e0938fad9f605cc1cc9579ff87c239

                                                                          SHA1

                                                                          7685e8c9cb07c295547cb306ffc76485fb0bb02a

                                                                          SHA256

                                                                          576881b0cfb5fa3aa4ef33b0b1e62d4980e8da1a557f129891c1f8a2d48e0d00

                                                                          SHA512

                                                                          37e94c01901996ecb1abd3458c6f4b64cd9c4d28762ef257c5acb3975f1cec806a15a7c7dfeabbe4ed7749d1cfceb5cd14edf49ee6b826307fe5dc95fae294fa

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
                                                                          Filesize

                                                                          5KB

                                                                          MD5

                                                                          3e5ac187bc5b80c486b4d0aeaaef3310

                                                                          SHA1

                                                                          d750bf52a6d8c7724c5af60e37d828b613c3ac06

                                                                          SHA256

                                                                          80cd3e460b14642e2b2eacb89618fdbc31ac694e6bb4db3a864b88aa274f8304

                                                                          SHA512

                                                                          d765e0d28ae9918793be0a363d2d21facbf89e45983394e6848737ea14ee1d506efa80ac7968dcbd6aba769e8ec1c163abe989532dcd684ce8f690c8528ebc47

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
                                                                          Filesize

                                                                          6KB

                                                                          MD5

                                                                          3e497c33968da61da8bd0d617d2fd30b

                                                                          SHA1

                                                                          c52e6dd9c4923225f6d117cda49af08ac95bb8bb

                                                                          SHA256

                                                                          cbf09f6b4671d1e68eeca639bb9f1681233ea61ffb1ebac3862a2c8a6dd72aa2

                                                                          SHA512

                                                                          33a931edec7b70c404eb2d12dba2f9a0c0b8e212f6a6b0c61853201af6f606924c242926ec3c83cb7c6b57cac4a30cc6796751b6a00af3abbb29102183924654

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
                                                                          Filesize

                                                                          15KB

                                                                          MD5

                                                                          8679369b91b271b888cb6ff0cd9f75df

                                                                          SHA1

                                                                          afcf65899db2f862fab116e06dce29987075d157

                                                                          SHA256

                                                                          0bbcbff6f809390caf14d89b7cb6bcae35efde7bfe207fd9413403adaeb33cf9

                                                                          SHA512

                                                                          61d1bd149694de14523e5c7cfc49ff1d78bd2a9695f9cd6395c7a91bbd2286176eb0eb7e58b6db02bd05eb290911d76390c480d85749ae4e08c81b0b3791f3fa

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\2707a0d2-3c3e-433d-ad02-d78410941427
                                                                          Filesize

                                                                          26KB

                                                                          MD5

                                                                          6429765d18b2696b5033effc20c85b01

                                                                          SHA1

                                                                          03f1ea10b8ab9c32be92fb8a49c251c27961b7fb

                                                                          SHA256

                                                                          99362008a8a22d919b85ff15026bfc1081c336c5064550fd65e4447d7b6cef32

                                                                          SHA512

                                                                          849ca9f0a8f96a0cf0fa859e658c5cfa78204518c1b42a1e3e0e436a4856ad73008076e1d1898602aa4f57fbead4ce855737e2534a90e325f4d528dd843f99c3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\324657cc-f4fd-4763-acc3-9b677570a1be
                                                                          Filesize

                                                                          982B

                                                                          MD5

                                                                          6e2953f3fc04b3eb56ce741985aa646c

                                                                          SHA1

                                                                          78632b95e6860e6ec977854dc1e4408e021cdfb5

                                                                          SHA256

                                                                          4feff56d348a9ead5eaed083b4b6fa25deb703cb3684e0e9c87a99babca3e8ce

                                                                          SHA512

                                                                          0d22dbfe6bcec464fd6c8117ddd763416a11ba379460136fdf7fea6c3f65f4a53471aab2ab4dcd94d797c59a5591951a0c5e415532be535f28fd0e3992a9847c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\6be4b4e9-7ef1-459c-9ed5-c168795bdad6
                                                                          Filesize

                                                                          671B

                                                                          MD5

                                                                          4d0a76cd9b231c56dc18f3f1db03de29

                                                                          SHA1

                                                                          5713b69741a483721bf440adc22e8c9b03f89468

                                                                          SHA256

                                                                          18cff373211b1b25344141cf7b9576cf095b196bcca31d4f743e3ed4bcc32fe2

                                                                          SHA512

                                                                          2560d3ea2e4ea0b1cee29231401ba75aa5200330ad5aa5cb23921b17b46584b75eaec1e5a34813c2b62a12989534526f38e602ce4ab1ed644bb00cb4ad7ee5a7

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                          Filesize

                                                                          1.1MB

                                                                          MD5

                                                                          842039753bf41fa5e11b3a1383061a87

                                                                          SHA1

                                                                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                          SHA256

                                                                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                          SHA512

                                                                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                          Filesize

                                                                          116B

                                                                          MD5

                                                                          2a461e9eb87fd1955cea740a3444ee7a

                                                                          SHA1

                                                                          b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                          SHA256

                                                                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                          SHA512

                                                                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
                                                                          Filesize

                                                                          10KB

                                                                          MD5

                                                                          41975fcc2778abe3ebdd7a1232f26bcd

                                                                          SHA1

                                                                          5a674f99634b67f72cceea84711e6c76f76d313f

                                                                          SHA256

                                                                          0ca219763b9224d0bd6e0f2af48b58bad32da818254331de37219f65bcc95684

                                                                          SHA512

                                                                          6bb475635026b4b844c1e10140ba4098c4a1d5abcb8f663600d2ae771e104aa583828c7ce0911177f0d4405eb89887f5d0e346c35c1921b6ccbb6f5e5f2ac79d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
                                                                          Filesize

                                                                          12KB

                                                                          MD5

                                                                          ecdcc52a9ae14e8f0d82b1885f80bd24

                                                                          SHA1

                                                                          0559f1f14d22370db0a9eeea137d916ac3a44d33

                                                                          SHA256

                                                                          6d79ae77057ab212a55c12cffe0737b6d3a2da9556bdefc167aed9e35146e7bd

                                                                          SHA512

                                                                          860c41fd3348846a68f0c40160fd750db3b9119eef65659adba1f8a0a6a32b1569a3ecfb803e59e1ac4a28547f3378ae7ba8d67d0540e1c4bbd75a16ff476c0a

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
                                                                          Filesize

                                                                          10KB

                                                                          MD5

                                                                          7f475f373cba5cdfd6643c13a712f92e

                                                                          SHA1

                                                                          3f63be66e589717745cab32ac389de4a440ada5c

                                                                          SHA256

                                                                          df4d569d7bda8046499fe17c1b08eb8af7ba1e97c3ace44685d0be9bfb5d3ff5

                                                                          SHA512

                                                                          71be8048312fe1542211be24eb355604088a60f4f6a6614afe93767367d5ed6243055c083f4d1cae8f826a655cafc0b3206062a86140b4fff0c0e3b46ff65f31

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js
                                                                          Filesize

                                                                          10KB

                                                                          MD5

                                                                          82c047926039f7d1f21d0f308cf73a4e

                                                                          SHA1

                                                                          719dd922fa84c9053338d0cd4443cd22fdb11d6f

                                                                          SHA256

                                                                          b20e918a84ca5811a13db10122347d84f7fc8e3609463a75eb0d935830b0ca0e

                                                                          SHA512

                                                                          b423ab3e0403a6271b7b554c07bf77e40140238c3521916b05d8215671e69c8660326c19e3824a092fb79307a53dc7042e7c64121465a7751dfa7327c9b52aa8

                                                                          Download Submit

                                                                        • C:\Users\Public\Netstat\FuturreApp.exe
                                                                          Filesize

                                                                          103KB

                                                                          MD5

                                                                          8d9709ff7d9c83bd376e01912c734f0a

                                                                          SHA1

                                                                          e3c92713ce1d7eaa5e2b1fabeb06cdc0bb499294

                                                                          SHA256

                                                                          49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3

                                                                          SHA512

                                                                          042ad89ed2e15671f5df67766d11e1fa7ada8241d4513e7c8f0d77b983505d63ebfb39fefa590a2712b77d7024c04445390a8bf4999648f83dbab6b0f04eb2ee

                                                                          Download Submit

                                                                        • C:\Users\Public\Netstat\MSVCR100.dll
                                                                          Filesize

                                                                          755KB

                                                                          MD5

                                                                          0e37fbfa79d349d672456923ec5fbbe3

                                                                          SHA1

                                                                          4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

                                                                          SHA256

                                                                          8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

                                                                          SHA512

                                                                          2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

                                                                          Download Submit

                                                                        • C:\Users\Public\Netstat\PCICHEK.DLL
                                                                          Filesize

                                                                          18KB

                                                                          MD5

                                                                          a0b9388c5f18e27266a31f8c5765b263

                                                                          SHA1

                                                                          906f7e94f841d464d4da144f7c858fa2160e36db

                                                                          SHA256

                                                                          313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

                                                                          SHA512

                                                                          6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

                                                                          Download Submit

                                                                        • C:\Users\Public\Netstat\PCICL32.dll
                                                                          Filesize

                                                                          3.6MB

                                                                          MD5

                                                                          00587238d16012152c2e951a087f2cc9

                                                                          SHA1

                                                                          c4e27a43075ce993ff6bb033360af386b2fc58ff

                                                                          SHA256

                                                                          63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8

                                                                          SHA512

                                                                          637950a1f78d3f3d02c30a49a16e91cf3dfccc59104041876789bd7fdf9224d187209547766b91404c67319e13d1606da7cec397315495962cbf3e2ccd5f1226

                                                                          Download Submit

                                                                        • C:\Users\Public\Netstat\pcicapi.dll
                                                                          Filesize

                                                                          32KB

                                                                          MD5

                                                                          dcde2248d19c778a41aa165866dd52d0

                                                                          SHA1

                                                                          7ec84be84fe23f0b0093b647538737e1f19ebb03

                                                                          SHA256

                                                                          9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

                                                                          SHA512

                                                                          c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

                                                                          Download Submit

                                                                        • memory/680-40-0x0000000000D40000-0x00000000011C5000-memory.dmp

                                                                          Filesize

                                                                          4.5MB

                                                                          Download

                                                                        • memory/680-39-0x0000000000D40000-0x00000000011C5000-memory.dmp

                                                                          Filesize

                                                                          4.5MB

                                                                          Download

                                                                        • memory/1080-1300-0x0000000004210000-0x0000000004265000-memory.dmp

                                                                          Filesize

                                                                          340KB

                                                                          Download

                                                                        • memory/1080-1302-0x0000000004210000-0x0000000004265000-memory.dmp

                                                                          Filesize

                                                                          340KB

                                                                          Download

                                                                        • memory/1080-1438-0x0000000010000000-0x000000001001C000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/1080-2402-0x0000000000400000-0x0000000000C52000-memory.dmp

                                                                          Filesize

                                                                          8.3MB

                                                                          Download

                                                                        • memory/1080-1474-0x0000000000400000-0x0000000000C52000-memory.dmp

                                                                          Filesize

                                                                          8.3MB

                                                                          Download

                                                                        • memory/1080-1473-0x0000000000400000-0x0000000000C52000-memory.dmp

                                                                          Filesize

                                                                          8.3MB

                                                                          Download

                                                                        • memory/1080-1606-0x0000000000400000-0x0000000000C52000-memory.dmp

                                                                          Filesize

                                                                          8.3MB

                                                                          Download

                                                                        • memory/1080-1562-0x0000000000400000-0x0000000000C52000-memory.dmp

                                                                          Filesize

                                                                          8.3MB

                                                                          Download

                                                                        • memory/1080-1299-0x0000000004210000-0x0000000004265000-memory.dmp

                                                                          Filesize

                                                                          340KB

                                                                          Download

                                                                        • memory/1080-1303-0x0000000004210000-0x0000000004265000-memory.dmp

                                                                          Filesize

                                                                          340KB

                                                                          Download

                                                                        • memory/1080-1301-0x0000000004210000-0x0000000004265000-memory.dmp

                                                                          Filesize

                                                                          340KB

                                                                          Download

                                                                        • memory/1080-1431-0x0000000000400000-0x0000000000C52000-memory.dmp

                                                                          Filesize

                                                                          8.3MB

                                                                          Download

                                                                        • memory/1164-1608-0x00007FF704C80000-0x00007FF705110000-memory.dmp

                                                                          Filesize

                                                                          4.6MB

                                                                          Download

                                                                        • memory/1164-2411-0x00007FF704C80000-0x00007FF705110000-memory.dmp

                                                                          Filesize

                                                                          4.6MB

                                                                          Download

                                                                        • memory/1712-1557-0x000002505C310000-0x000002505C332000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1752-758-0x0000000000800000-0x0000000000C98000-memory.dmp

                                                                          Filesize

                                                                          4.6MB

                                                                          Download

                                                                        • memory/1752-1605-0x0000000000220000-0x00000000006AC000-memory.dmp

                                                                          Filesize

                                                                          4.5MB

                                                                          Download

                                                                        • memory/1752-1550-0x0000000000220000-0x00000000006AC000-memory.dmp

                                                                          Filesize

                                                                          4.5MB

                                                                          Download

                                                                        • memory/1752-1607-0x0000000000220000-0x00000000006AC000-memory.dmp

                                                                          Filesize

                                                                          4.5MB

                                                                          Download

                                                                        • memory/1752-747-0x0000000000800000-0x0000000000C98000-memory.dmp

                                                                          Filesize

                                                                          4.6MB

                                                                          Download

                                                                        • memory/1956-1600-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-696-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-32-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-125-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-1523-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-134-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-1458-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-1065-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-1294-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-1417-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/1956-1397-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/2176-1604-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/2176-1601-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/2492-1433-0x00000000001C0000-0x0000000000E39000-memory.dmp

                                                                          Filesize

                                                                          12.5MB

                                                                          Download

                                                                        • memory/2492-1478-0x00000000001C0000-0x0000000000E39000-memory.dmp

                                                                          Filesize

                                                                          12.5MB

                                                                          Download

                                                                        • memory/2492-1411-0x00000000001C0000-0x0000000000E39000-memory.dmp

                                                                          Filesize

                                                                          12.5MB

                                                                          Download

                                                                        • memory/2492-1434-0x00000000001C0000-0x0000000000E39000-memory.dmp

                                                                          Filesize

                                                                          12.5MB

                                                                          Download

                                                                        • memory/2516-1321-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2516-1322-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2516-1324-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2532-1415-0x00000000048B0000-0x0000000004906000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2532-1416-0x00000000048B0000-0x0000000004906000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2532-1412-0x00000000048B0000-0x0000000004906000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2532-1413-0x00000000048B0000-0x0000000004906000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2532-1414-0x00000000048B0000-0x0000000004906000-memory.dmp

                                                                          Filesize

                                                                          344KB

                                                                          Download

                                                                        • memory/2584-1455-0x00000000000F0000-0x0000000000D64000-memory.dmp

                                                                          Filesize

                                                                          12.5MB

                                                                          Download

                                                                        • memory/2584-1457-0x00000000000F0000-0x0000000000D64000-memory.dmp

                                                                          Filesize

                                                                          12.5MB

                                                                          Download

                                                                        • memory/2888-21-0x0000000000F50000-0x0000000001276000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/2888-35-0x0000000000F50000-0x0000000001276000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/3060-1319-0x0000000000A50000-0x0000000000EA4000-memory.dmp

                                                                          Filesize

                                                                          4.3MB

                                                                          Download

                                                                        • memory/3060-1184-0x0000000000A50000-0x0000000000EA4000-memory.dmp

                                                                          Filesize

                                                                          4.3MB

                                                                          Download

                                                                        • memory/3060-1160-0x0000000000A50000-0x0000000000EA4000-memory.dmp

                                                                          Filesize

                                                                          4.3MB

                                                                          Download

                                                                        • memory/3060-1335-0x0000000000A50000-0x0000000000EA4000-memory.dmp

                                                                          Filesize

                                                                          4.3MB

                                                                          Download

                                                                        • memory/3060-1183-0x0000000000A50000-0x0000000000EA4000-memory.dmp

                                                                          Filesize

                                                                          4.3MB

                                                                          Download

                                                                        • memory/3172-1611-0x0000000140000000-0x0000000140770000-memory.dmp

                                                                          Filesize

                                                                          7.4MB

                                                                          Download

                                                                        • memory/3172-1610-0x0000000140000000-0x0000000140770000-memory.dmp

                                                                          Filesize

                                                                          7.4MB

                                                                          Download

                                                                        • memory/3172-1609-0x0000000140000000-0x0000000140770000-memory.dmp

                                                                          Filesize

                                                                          7.4MB

                                                                          Download

                                                                        • memory/3560-1582-0x0000000000930000-0x0000000000E2B000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/3560-1579-0x0000000000930000-0x0000000000E2B000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/4188-1081-0x0000000000160000-0x0000000000486000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/4448-1158-0x0000000000C20000-0x0000000001113000-memory.dmp

                                                                          Filesize

                                                                          4.9MB

                                                                          Download

                                                                        • memory/4448-552-0x0000000000C20000-0x0000000001113000-memory.dmp

                                                                          Filesize

                                                                          4.9MB

                                                                          Download

                                                                        • memory/4448-551-0x0000000000C20000-0x0000000001113000-memory.dmp

                                                                          Filesize

                                                                          4.9MB

                                                                          Download

                                                                        • memory/4448-63-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                                          Filesize

                                                                          972KB

                                                                          Download

                                                                        • memory/4448-44-0x0000000000C20000-0x0000000001113000-memory.dmp

                                                                          Filesize

                                                                          4.9MB

                                                                          Download

                                                                        • memory/4448-746-0x0000000000C20000-0x0000000001113000-memory.dmp

                                                                          Filesize

                                                                          4.9MB

                                                                          Download

                                                                        • memory/4640-1536-0x00007FF611470000-0x00007FF611900000-memory.dmp

                                                                          Filesize

                                                                          4.6MB

                                                                          Download

                                                                        • memory/4744-1151-0x0000000000A50000-0x0000000000D6A000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download

                                                                        • memory/4744-1153-0x0000000000A50000-0x0000000000D6A000-memory.dmp

                                                                          Filesize

                                                                          3.1MB

                                                                          Download