Analysis

  • max time kernel
    370s
  • max time network
    422s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    26-12-2024 15:10

General

  • Target

    qbittorrent_5.0.3_x64_setup.exe

  • Size

    37.5MB

  • MD5

    83505c82e83bd2e61bd67dfcf30724cf

  • SHA1

    5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9

  • SHA256

    878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f

  • SHA512

    87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833

  • SSDEEP

    786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C

Malware Config

Signatures

  • Contacts a large (565) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 21 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 39 IoCs
  • Drops file in Windows directory 4 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 14 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 30 IoCs
  • NTFS ADS 4 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:3200
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b62a52-2503-4004-8d18-28d5fe4df825} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" gpu
        3⤵
          PID:1496
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86bcf0bb-6a46-4705-a65e-26f1446d9ffd} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" socket
          3⤵
          • Checks processor information in registry
          PID:3124
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1672 -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3372 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42bb12f1-06e1-437a-8bc8-ecf2fa202b20} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
          3⤵
            PID:2268
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2620 -childID 2 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d3d74ef-4104-48ae-8d78-4f0dda262e32} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
            3⤵
              PID:1560
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3924 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4752 -prefMapHandle 4744 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9853be9-90c5-4611-b040-3f8c3cf4568e} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" utility
              3⤵
              • Checks processor information in registry
              PID:5348
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5372 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad325963-df9b-4c4c-9ec9-530d17f0650a} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
              3⤵
                PID:6132
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ec74db5-3a81-412b-9456-a114045cefb6} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                3⤵
                  PID:2076
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b6c49c8-6e26-4501-93e4-bb736138ddf1} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                  3⤵
                    PID:1924
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5960 -childID 6 -isForBrowser -prefsHandle 5948 -prefMapHandle 3180 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee9905e7-12ed-46ca-b77a-ec34e1d69c53} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                    3⤵
                      PID:5248
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6208 -childID 7 -isForBrowser -prefsHandle 6156 -prefMapHandle 5164 -prefsLen 30533 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e3d27c-2156-4310-8d73-98f60fcbad00} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                      3⤵
                        PID:1012
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 8 -isForBrowser -prefsHandle 1612 -prefMapHandle 1600 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c9929ca-48d8-4fb0-9034-7ff8f4e0ced5} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                        3⤵
                          PID:5588
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 9 -isForBrowser -prefsHandle 5900 -prefMapHandle 5908 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f596e44-8c98-4657-9eae-d6661e47b96b} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                          3⤵
                            PID:6012
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4480 -childID 10 -isForBrowser -prefsHandle 5892 -prefMapHandle 6700 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31fe11da-276d-457f-969e-bee279237fae} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                            3⤵
                              PID:2912
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6804 -childID 11 -isForBrowser -prefsHandle 6800 -prefMapHandle 4416 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6556b56d-dae3-4722-bb8e-5c9da9361c45} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                              3⤵
                                PID:1720
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3832 -childID 12 -isForBrowser -prefsHandle 5480 -prefMapHandle 6324 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8885383f-0c74-4167-9628-8d2f2196e896} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                                3⤵
                                  PID:2076
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7176 -childID 13 -isForBrowser -prefsHandle 7196 -prefMapHandle 7012 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6beff0c-d4f3-42cc-a979-cef4c79e7226} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                                  3⤵
                                    PID:4484
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6768 -parentBuildID 20240401114208 -prefsHandle 6928 -prefMapHandle 6924 -prefsLen 30575 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad842cca-9feb-4a97-a798-f30569aa6bfe} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" rdd
                                    3⤵
                                      PID:900
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2928 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 2940 -prefMapHandle 2824 -prefsLen 30575 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7af05ebd-9d8e-40c5-a246-6159c5f236e0} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" utility
                                      3⤵
                                      • Checks processor information in registry
                                      PID:3520
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7540 -childID 14 -isForBrowser -prefsHandle 7560 -prefMapHandle 7548 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d32e7a0-631a-466d-98f2-4067216832f1} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
                                      3⤵
                                        PID:5708
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:5704
                                    • C:\Windows\system32\OpenWith.exe
                                      C:\Windows\system32\OpenWith.exe -Embedding
                                      1⤵
                                      • Modifies registry class
                                      • Suspicious use of SetWindowsHookEx
                                      PID:464
                                    • C:\Windows\system32\OpenWith.exe
                                      C:\Windows\system32\OpenWith.exe -Embedding
                                      1⤵
                                      • Modifies registry class
                                      • Suspicious use of SetWindowsHookEx
                                      PID:5504
                                      • C:\Program Files\qBittorrent\qbittorrent.exe
                                        "C:\Program Files\qBittorrent\qbittorrent.exe" "C:\Users\Admin\Downloads\[FreeTP.Org]GoreBox_v1.15.1.6_by_Pioneer.torrent"
                                        2⤵
                                        • Executes dropped EXE
                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                        • Modifies registry class
                                        • NTFS ADS
                                        • Suspicious behavior: AddClipboardFormatListener
                                        • Suspicious behavior: GetForegroundWindowSpam
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:5308
                                    • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                      1⤵
                                      • Drops file in Windows directory
                                      PID:5612
                                    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                      1⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:5564
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
                                      1⤵
                                        PID:1448
                                      • C:\Users\Admin\Downloads\GoreBox v1.15.1.6 by Pioneer\setup.exe
                                        "C:\Users\Admin\Downloads\GoreBox v1.15.1.6 by Pioneer\setup.exe"
                                        1⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5140
                                        • C:\Users\Admin\AppData\Local\Temp\is-RH511.tmp\setup.tmp
                                          "C:\Users\Admin\AppData\Local\Temp\is-RH511.tmp\setup.tmp" /SL5="$103A8,1047734,152064,C:\Users\Admin\Downloads\GoreBox v1.15.1.6 by Pioneer\setup.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of SetWindowsHookEx
                                          PID:3704
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://freetp.org/5384-.html
                                            3⤵
                                            • Enumerates system info in registry
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                            PID:2288
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x11c,0x150,0x7ffac91e46f8,0x7ffac91e4708,0x7ffac91e4718
                                              4⤵
                                                PID:2632
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
                                                4⤵
                                                  PID:2480
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1760
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
                                                  4⤵
                                                    PID:5312
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
                                                    4⤵
                                                      PID:3932
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
                                                      4⤵
                                                        PID:4140
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                                        4⤵
                                                          PID:4468
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
                                                          4⤵
                                                            PID:1084
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,1023211941891532609,4707686668572387849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                                                            4⤵
                                                              PID:3100
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:4584
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:5764
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:3296
                                                            • C:\GoreBox\GoreBox.exe
                                                              "C:\GoreBox\GoreBox.exe"
                                                              1⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:5752
                                                              • C:\GoreBox\UnityCrashHandler64.exe
                                                                "C:\GoreBox\UnityCrashHandler64.exe" --attach 5752 2117370908672
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:5892
                                                            • C:\Windows\system32\AUDIODG.EXE
                                                              C:\Windows\system32\AUDIODG.EXE 0x48c 0x4d4
                                                              1⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:3540

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Downloads

                                                            • C:\GoreBox\GoreBox.exe

                                                              Filesize

                                                              638KB

                                                              MD5

                                                              fcf4b8c40546ea6a34e9146ca4ae5e27

                                                              SHA1

                                                              f0615378ec90e649238b9d733438346cded04190

                                                              SHA256

                                                              902030f29d24e20e263dea29a19c06d0d02ee28541895feb84e4a446e59c4a3c

                                                              SHA512

                                                              283bc4c10be47b53acdb6e0ff1b0d6b4653b3c008afd6c5b8ff97a2a1fe39bf245db22403b3d3ee38397deb1c7c1df5707cfea38da0df7533c875374dfd921a3

                                                            • C:\GoreBox\GoreBox_Data\Plugins\x86_64\AudioIn.dll

                                                              Filesize

                                                              142KB

                                                              MD5

                                                              c761d504977ccb55c1b98b3d171c3620

                                                              SHA1

                                                              88c98ff7224b267bfa7a3b06f9186ee2c78dde7c

                                                              SHA256

                                                              50f8407d6cd5625d2a8811885a1917989c92186e8106b1dad8e39cc4f7f9a62e

                                                              SHA512

                                                              9ff3e033e1505f1e9926e254296fb7ca82c298b6cf3e307408a09ba6b2d884abc8646e2ae64ddea1c5ffe1b329fc2d2f9a5998fcaeef464bacf1d12ae7d909a4

                                                            • C:\GoreBox\GoreBox_Data\Plugins\x86_64\local_save.txt

                                                              Filesize

                                                              10B

                                                              MD5

                                                              fb0646ccb4696da53a733ca173b78c38

                                                              SHA1

                                                              8eb77954ad82a175def3cef32d62bf7d3e848552

                                                              SHA256

                                                              89c03df7c63200e88f3f04861619f1e9d58375355923db539aa3b6dd435ea908

                                                              SHA512

                                                              17730803d9b91baf624a894aa50ac3a0c665f0550c3b3fd7a34b7e09e2367863a28b6a4dec528718dae31d4edb6c54dd6f00ccd41bef5aa1bf23318ff407a943

                                                            • C:\GoreBox\GoreBox_Data\Plugins\x86_64\opus_egpv.dll

                                                              Filesize

                                                              430KB

                                                            • C:\GoreBox\GoreBox_Data\Plugins\x86_64\steam_api64.dll

                                                              Filesize

                                                              1.9MB

                                                            • C:\GoreBox\GoreBox_Data\Resources\unity default resources

                                                              Filesize

                                                              4.6MB

                                                            • C:\GoreBox\GoreBox_Data\RuntimeInitializeOnLoads.json

                                                              Filesize

                                                              4KB

                                                            • C:\GoreBox\GoreBox_Data\ScriptingAssemblies.json

                                                              Filesize

                                                              5KB

                                                            • C:\GoreBox\GoreBox_Data\app.info

                                                              Filesize

                                                              15B

                                                            • C:\GoreBox\GoreBox_Data\boot.config

                                                              Filesize

                                                              93B

                                                            • C:\GoreBox\GoreBox_Data\il2cpp_data\Metadata\global-metadata.dat

                                                              Filesize

                                                              12.0MB

                                                            • C:\GoreBox\GoreBox_Data\il2cpp_data\Resources\mscorlib.dll-resources.dat

                                                              Filesize

                                                              329KB

                                                            • C:\GoreBox\GoreBox_Data\resources.resource

                                                              Filesize

                                                              36.7MB

                                                            • C:\GoreBox\GoreBox_Data\sharedassets0.resource

                                                              Filesize

                                                              15.4MB

                                                            • C:\GoreBox\GoreBox_Data\sharedassets1.resource

                                                              Filesize

                                                              6.5MB

                                                            • C:\GoreBox\ReadMe - Как играть по сети.url

                                                              Filesize

                                                              55B

                                                            • C:\GoreBox\UnityCrashHandler64.exe

                                                              Filesize

                                                              1.1MB

                                                            • C:\GoreBox\UnityPlayer.dll

                                                              Filesize

                                                              28.1MB

                                                            • C:\GoreBox\baselib.dll

                                                              Filesize

                                                              396KB

                                                            • C:\GoreBox\settings\account_name.txt

                                                              Filesize

                                                              10B

                                                            • C:\GoreBox\settings\language.txt

                                                              Filesize

                                                              7B

                                                            • C:\Program Files\qBittorrent\qbittorrent.exe

                                                              Filesize

                                                              35.0MB

                                                            • C:\Program Files\qBittorrent\qt.conf

                                                              Filesize

                                                              84B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                              Filesize

                                                              152B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                              Filesize

                                                              152B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

                                                              Filesize

                                                              54KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                              Filesize

                                                              240B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                              Filesize

                                                              48B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

                                                              Filesize

                                                              70KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                              Filesize

                                                              264KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

                                                              Filesize

                                                              8KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              4KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              7KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                              Filesize

                                                              24KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                              Filesize

                                                              24KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

                                                              Filesize

                                                              41B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

                                                              Filesize

                                                              16B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

                                                              Filesize

                                                              8KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                              Filesize

                                                              8KB

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\activity-stream.discovery_stream.json

                                                              Filesize

                                                              19KB

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\0496E33B07BB9340090B6FF9A653DA5443DBD403

                                                              Filesize

                                                              224KB

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\0C0E12ED83B149D6A68D87C705EAEF00394A7588

                                                              Filesize

                                                              61KB

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\344A214253D3E5BDF9F13705BD242D9715BAF32C

                                                              Filesize

                                                              15KB

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\7F39525277939CC5125B5648471043E4BA1CD054

                                                              Filesize

                                                              64KB

                                                            • C:\Users\Admin\AppData\Local\Temp\is-GAILG.tmp\CallbackCtrl.dll

                                                              Filesize

                                                              4KB

                                                            • C:\Users\Admin\AppData\Local\Temp\is-GAILG.tmp\ISDone.dll

                                                              Filesize

                                                              446KB

                                                            • C:\Users\Admin\AppData\Local\Temp\is-GAILG.tmp\b2p.dll

                                                              Filesize

                                                              22KB

                                                            • C:\Users\Admin\AppData\Local\Temp\is-GAILG.tmp\botva2.dll

                                                              Filesize

                                                              37KB

                                                            • C:\Users\Admin\AppData\Local\Temp\is-GAILG.tmp\facompress.dll

                                                              Filesize

                                                              361KB

                                                            • C:\Users\Admin\AppData\Local\Temp\is-GAILG.tmp\unarc.dll

                                                              Filesize

                                                              317KB

                                                            • C:\Users\Admin\AppData\Local\Temp\is-RH511.tmp\setup.tmp

                                                              Filesize

                                                              1.4MB

                                                            • C:\Users\Admin\AppData\Local\Temp\nsq7C46.tmp\FindProcDLL.dll

                                                              Filesize

                                                              3KB

                                                            • C:\Users\Admin\AppData\Local\Temp\nsq7C46.tmp\LangDLL.dll

                                                              Filesize

                                                              5KB

                                                            • C:\Users\Admin\AppData\Local\Temp\nsq7C46.tmp\System.dll

                                                              Filesize

                                                              12KB

                                                            • C:\Users\Admin\AppData\Local\Temp\nsq7C46.tmp\UAC.dll

                                                              Filesize

                                                              14KB

                                                            • C:\Users\Admin\AppData\Local\Temp\nsq7C46.tmp\modern-wizard.bmp

                                                              Filesize

                                                              25KB

                                                            • C:\Users\Admin\AppData\Local\Temp\nsq7C46.tmp\nsDialogs.dll

                                                              Filesize

                                                              9KB

                                                            • C:\Users\Admin\AppData\Local\Temp\nsq7C46.tmp\nsisFirewallW.dll

                                                              Filesize

                                                              8KB

                                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                              Filesize

                                                              479KB

                                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                              Filesize

                                                              13.8MB

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

                                                              Filesize

                                                              7KB

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

                                                              Filesize

                                                              12KB

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

                                                              Filesize

                                                              5KB

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

                                                              Filesize

                                                              6KB

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

                                                              Filesize

                                                              6KB

                                                              MD5

                                                              b928338603bc7bf94acabb9e9d346a03

                                                              SHA1

                                                              8fa9912f307f02a50bb03e1c50d6ceb5535d3d58

                                                              SHA256

                                                              402720a2d392ad1a9d74f10cec1ad835c6ab268bf2d65b73100f5b70f4bc9b3f

                                                              SHA512

                                                              ad8728cfa514f2ce46f32c5f27619d7ad0d8414f4a10ec54e38c4b8d3e785c84f971d5649e4bdd8be739d9484959a903c2a8d9ea94cf5daf59c22a6f4c4fa931

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

                                                              Filesize

                                                              7KB

                                                              MD5

                                                              735092d585c5957ddb219ad6ae12f4df

                                                              SHA1

                                                              26bb1fe6814570cf3496a7759ef39b6b0fccb00a

                                                              SHA256

                                                              9d4ced7f26288d5dfd61c71434f22f2a6274a8125189506160690c2be0d80ae3

                                                              SHA512

                                                              f531d225877cebd3dcd85fd77c88eb9730b7ddb9dd281d2d0b7790e03bc59398aef621af9e492673e1d676de45551f51a1f5ae0dea67687cc286173b6156f0dd

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

                                                              Filesize

                                                              6KB

                                                              MD5

                                                              a902bad98ef757e8d5f49cf39230caac

                                                              SHA1

                                                              b7411ddbdc5bc688bbb0c706d7cf47b3f726d02e

                                                              SHA256

                                                              daccdbc143ebd1237415b775b7bf11c5111f8e0859f75d64014ce6d95bd1300a

                                                              SHA512

                                                              6a1781d161cb7f87bc5ba7b55a32c1720460809caf490d04bd868e651e87f8bdc51ba2d96ce131c8b2f41766084215d97e227a1678f19c894995a0a9499f8974

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\1fbcc3c1-2c46-433d-8a05-e644f141bb43

                                                              Filesize

                                                              24KB

                                                              MD5

                                                              5f2e573bcc01e0ec9245b98cf49b4a6a

                                                              SHA1

                                                              0afc642b7c0fced9c05a538db47879d7e50b347c

                                                              SHA256

                                                              2f3382c46bb5d80963d528b2aa75cdb01458f5e6b7c1af314701e80fca1b94e2

                                                              SHA512

                                                              095b6a7d3c2718165df2531cde04b4a695da7fe80977c956e9bf3f3d93ac3612e1d635cbc512d8bf527b1a0a1ca7277f7ca5ab86628ab26b70e81817a6ad1142

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\4676dbdc-b847-4f2e-b700-052b915d2176

                                                              Filesize

                                                              982B

                                                              MD5

                                                              7af49e575ece7a402a5b1c9f24d2889f

                                                              SHA1

                                                              8b9c7243cbe87c293c8a8e14f67d95477a0b5821

                                                              SHA256

                                                              9a4138ef930674b209fc7f526b241ff64f61d9cdfe94edc96ad109c1acb3270e

                                                              SHA512

                                                              2d5fec1b26dea75a90bb02141f49fcc9ea2daddbb32aee60eca8aad4da78081c10cfb5b7f892c7625246d9126e8c26d4c4057e6cfd4282e836918a7e55219585

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\73c3e37f-033f-4afd-be7e-72adb3862977

                                                              Filesize

                                                              671B

                                                              MD5

                                                              ec4862e91698967e3d9cddfb0b862abf

                                                              SHA1

                                                              423dc7cec27970b320c46cccf89272149d253ab8

                                                              SHA256

                                                              5fa9b964ce8490c0c41ff9b64fe6bde5fbfcac1f1ec73a6d1b88a314bf57f950

                                                              SHA512

                                                              897416e74cb1d45027e0f54b1ed351ff0941bfc89f1e53d05d5f8aeefddca7c914fcb13c7f29e7db621695bad8f93aabb4a70c356dc98f7cde73200b3a3b3e0e

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\bf27bb44-a647-42c3-84d5-9de8580d5e5b

                                                              Filesize

                                                              21KB

                                                              MD5

                                                              39eb9ab58115a0052d99fc4a6e6c3e05

                                                              SHA1

                                                              410b5c27acaf10081d33945805b893dbe3530292

                                                              SHA256

                                                              66eaca60bde790c7e8610a3f2386c3c79b5bdec48a7311871ae31cc74ba1701e

                                                              SHA512

                                                              1a4e29a48580252c00af44b478290b443d48d88e572939014cb4c2d65b03404aa033dec54f24b13e442e260e677b48d0c3b9145dad78153fc37cd6622692529c

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                              Filesize

                                                              1.1MB

                                                              MD5

                                                              842039753bf41fa5e11b3a1383061a87

                                                              SHA1

                                                              3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                              SHA256

                                                              d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                              SHA512

                                                              d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                              Filesize

                                                              116B

                                                              MD5

                                                              2a461e9eb87fd1955cea740a3444ee7a

                                                              SHA1

                                                              b10755914c713f5a4677494dbe8a686ed458c3c5

                                                              SHA256

                                                              4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                              SHA512

                                                              34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                              Filesize

                                                              372B

                                                              MD5

                                                              bf957ad58b55f64219ab3f793e374316

                                                              SHA1

                                                              a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                              SHA256

                                                              bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                              SHA512

                                                              79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                              Filesize

                                                              17.8MB

                                                              MD5

                                                              daf7ef3acccab478aaa7d6dc1c60f865

                                                              SHA1

                                                              f8246162b97ce4a945feced27b6ea114366ff2ad

                                                              SHA256

                                                              bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                              SHA512

                                                              5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

                                                              Filesize

                                                              10KB

                                                              MD5

                                                              c5098ec5ad128e740bb12e595511b4c8

                                                              SHA1

                                                              b5ac4b8a7091325e960ad68348798b01e4ea9a53

                                                              SHA256

                                                              969cd2a2c9688b8879a7e64725f53d7276cf4899a1338d85ed37570722703de6

                                                              SHA512

                                                              3e87db9e8b3a1643963807411bf3e2443cd1aac28ac32323eeda25a4e3122943ed334b89cedc5e71bfa7b82c56f7a5db8315e8a769ece5b71ef0f93426d29f54

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

                                                              Filesize

                                                              12KB

                                                              MD5

                                                              d2082819f7b40c5626ca43c1d5a74252

                                                              SHA1

                                                              0d06b28fdedc6b83ca2a1bbb201bbdfec59f865d

                                                              SHA256

                                                              b70dcff9d1cde631f4ac8abcd80806667011ab181cafba8895735f4e91272dd2

                                                              SHA512

                                                              a4b4ef4e71edb28922d84861054378eedc473112d02210527f4aceec5f30ac6c816bfe623fcd0f51b4bdd7e983491ea17b608e4e3b47513f537a30bc05aa0dfa

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

                                                              Filesize

                                                              11KB

                                                              MD5

                                                              ccf281524c842b99c1a497caacf53ee6

                                                              SHA1

                                                              15305ed44e858a23fcefe15f80e83ac0966062ce

                                                              SHA256

                                                              102120cb166635f91257d5d89a7b95dcdf27ec02d88e51cbee58e08881fbfd63

                                                              SHA512

                                                              32f0229e2b932b3c3183fe4f70d1101bdee50979980e9639c66fc269ddbd187cb5adbaacc80c559faccef38b83241a3bc6704673d511772fbc8f7c3d84639055

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

                                                              Filesize

                                                              10KB

                                                              MD5

                                                              897c248acfb7a0f7a819447ea8d6c6de

                                                              SHA1

                                                              49b0f7b68a161354f6c585dbb36d624d848bbeba

                                                              SHA256

                                                              f1c4242eaf0c812d9274c217527c5ba0d5b51d4573a7d8f1f3b58f862e034a02

                                                              SHA512

                                                              8d980869d80fce9c8914ca265313487771c661c4854bbeeb13c8310fb1b340deaa5e3db7ed00d71a5e0b9b35edf1df3c8c30afcc854292ce791a37f9c638b299

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              1KB

                                                              MD5

                                                              544f6b025547bc612bb7ffa320734702

                                                              SHA1

                                                              f25a1f0c5ad93540d65c5b394137124df0c08e8c

                                                              SHA256

                                                              206878407c06f6055fba5df889995ea59ee1dca20069dde111eeeaba23f98e2d

                                                              SHA512

                                                              99f146af5791931abfac5eb7adecd473247cf442ad61fa2c0dde53377bd28a06a6a87104b02839b689d09cbafa997256d76a7acdf3b65ec4edf2b3a5d9fd1d3b

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              18KB

                                                              MD5

                                                              f50802e0c941d403656a3ef3575bc95b

                                                              SHA1

                                                              c149a367ae657dc866240cee313d8d7d490bb9c3

                                                              SHA256

                                                              7b289b79cc9edd9bb1e76cd8d57b9d684c9f150ff109664e1117aab2e40ee4ae

                                                              SHA512

                                                              10ce9225891a56d7cbc6541dde89ea013571a1a6ae48aa37c2276d7cc7f0162f26c1c6d3bf79eb6ef7b92b80354b362de47dca2daa3e85c309137bbe4239a866

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              18KB

                                                              MD5

                                                              b9d979879b2a518d648a300a599f6432

                                                              SHA1

                                                              d820521e117a1db04156d0ae979933a09c0325e4

                                                              SHA256

                                                              e2be89e001d1d174a8af6eb7b2467dbe1e0ae2b4d4ec4f97cefa80ed5b8efdf5

                                                              SHA512

                                                              6e5548ad39eb3a50aca996fca4b1677e56a7e015b79632660c95561edd5091e6ec8e1826be41cca20e131fa052e5a6f17f852a95ef7a671a796353475e976493

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              19KB

                                                              MD5

                                                              a2997b31866bd35cdba7702e11558046

                                                              SHA1

                                                              13e56bed75f50c485284018db972d1e242456bca

                                                              SHA256

                                                              8569ad32988f8aefe7a55c89ce97f8e0668b818a6c400d27fb0163137121cbcd

                                                              SHA512

                                                              36093e29177b5d7ff9a57aab1e7df5f90d3910b7c6d92f495c1e85c27144033e78de37b50c851e26c3228dc255395febea22ed73b06ce5c050ebf1c399809419

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              35KB

                                                              MD5

                                                              a4a247fc3dfcc091a220059219abf46b

                                                              SHA1

                                                              8c9b4f8d4f9d6c653ea7e32f441236509156900b

                                                              SHA256

                                                              6f944b398969ec7b1b919cd6320257597cde641e03f3824174bb954487140cdc

                                                              SHA512

                                                              d531fd4d61169a6f3915e1747d5fa447eb94993c75e8724e20d9a0ac83c751cc84a6c58dce4bfb2de0c1a4caa167eaa4d495ef42c1bfccb8330f304b30b2878e

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              17KB

                                                              MD5

                                                              3cee5b7db600d25302f68b21970c1f53

                                                              SHA1

                                                              f0428a129ffc2ca572f87cc91d82b42b88b350cf

                                                              SHA256

                                                              68038ed98ef368c40906f88900c149f49729820ba40789300a223662ec487386

                                                              SHA512

                                                              dc437f5c6442a172029a70ecc450cbdde753b4a26108fb9522558036580473eec675aad3f20c061b3a0e59cd114e1fbd3ef654a5f9339ffbf9867b1536521071

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              18KB

                                                              MD5

                                                              26aa5bfc2350f91ad8828ecc57491066

                                                              SHA1

                                                              c3b42b807d6435d6f6858b7bbc2574a7012b62c0

                                                              SHA256

                                                              d0e1635c6385de693866b0c61fcd5cdbf1cfb7794b98e8b1e5ebbf1dd678412b

                                                              SHA512

                                                              799589b192fb2ddb6ee3dd5dfa5f1394d92f3174b9adc73c822c982c7f0348ee78f61bda32c95d78826f5be9acf1fd330bf3c19d03634ce87ef49d298d090b2d

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              15KB

                                                              MD5

                                                              20213191fc2822e91c99fcd176d6fe86

                                                              SHA1

                                                              dda340ccdc27213ee42cf2bf10d2d1fc120e6d9d

                                                              SHA256

                                                              1e2890f33dd4de485be3755c5a5c76b43da53061c385dad024e82a19546a602d

                                                              SHA512

                                                              dc1c5961f47633beb4e24e31a0e11e14befe1edba30aa1e383741d77dcfc8129263c10633454e1e4f9ceaedc064fc778f5cbb2f0e57ad220d19c1e3748789b4f

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

                                                              Filesize

                                                              19KB

                                                              MD5

                                                              b01983b5836086c99a2fc7e71312b77f

                                                              SHA1

                                                              6c0744bfe0cfea8e270583d6ce93455c8049e482

                                                              SHA256

                                                              628e16ff89584f207855908c8178b2c8d7c60b204a27b22d7e9a13d2876dc2c0

                                                              SHA512

                                                              dfedaabbff108f020c613cd4312cfd5473ffb9c5c04765211c7b555c32169634b6c301303f4d2d3c5513d48e4a309bf5f30fce66720ba0056c955b1a4ec4ad3b

                                                            • C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent_new.ini.lock

                                                              Filesize

                                                              64B

                                                              MD5

                                                              9280e8b8dec8fa45e55a79a792bbe5a9

                                                              SHA1

                                                              c287f01b19e5a3cf5fad2343ced4e47f3bc4890f

                                                              SHA256

                                                              2cadf858a7fb450c8000b6e292db301bf3b383d42066874c646e8f9e2caa78d5

                                                              SHA512

                                                              3c9601a6be3ff2d85aa9850cee86f0c80c93a8e5048956717827775caf895768bdd98ac1ed6ca3ee77b90ea3c9b58a4593c27e0a42f8d64cb3af37ca9f9faeb1

                                                            • C:\Users\Admin\Downloads\B0Bw8HXU.torrent.part

                                                              Filesize

                                                              12KB

                                                              MD5

                                                              6319dd9a957b4fb6c7890e7fa1d0eedb

                                                              SHA1

                                                              ed7861e9a504426d60dfb4d68b8aec35660daad9

                                                              SHA256

                                                              523f8b4ba2a29f16215acb30bdc477d3d5c3b8a6c4954ac2d1b65544df0c5686

                                                              SHA512

                                                              b1ea647b77a3fa391499d44fd24548386768f2dbd53a57f1171bc05906443bad1fc16cb6632837ca187b4f06b56c1275ccb4e72f42fa9156251d292e0972b368

                                                            • C:\Users\Admin\Downloads\GoreBox v1.15.1.6 by Pioneer\GoreBox-2.ftp

                                                              Filesize

                                                              515KB

                                                              MD5

                                                              475f4d4ebd14b51f3097c25431ec1928

                                                              SHA1

                                                              75137dab1a167e5cb261195a693481204b9d5351

                                                              SHA256

                                                              366953dd81b33899be5965af320ac044740237be41f957edd8f414e2136ca821

                                                              SHA512

                                                              09d18c6f8719e591b6b09c694e6b2da2270063f9759fbb1718b2b24411619bbd1c0b11dbb62832cd81134798ef49ff68fa22b1feca5dacf2459e33c33f9974fb

                                                            • C:\Users\Admin\Downloads\GoreBox v1.15.1.6 by Pioneer\setup.exe

                                                              Filesize

                                                              1.5MB

                                                              MD5

                                                              d0d6bf2728043aabb00ce8fb6eca8283

                                                              SHA1

                                                              4bb8794ff027a893df1e5cb64057dffacaadb060

                                                              SHA256

                                                              1a1fe30ff60aa7dbed899e5688644418d0de52b01fb24fd5e249f601529f990b

                                                              SHA512

                                                              d5e9d7140a729c36ba402a43b4038dc3c3675c4bfbfa166bafb398ee54e2f6635d52aa5ba64be266b7dcb3dde476222ce2d4b6e06b8679b3cc5b8fdae6e7f82d


                                                              Filesize

                                                              68KB

                                                            • memory/3704-1547-0x0000000000400000-0x000000000057B000-memory.dmp

                                                              Filesize

                                                              1.5MB

                                                            • memory/3704-1619-0x0000000061080000-0x0000000061112000-memory.dmp

                                                              Filesize

                                                              584KB

                                                            • memory/3704-1618-0x0000000003E20000-0x0000000003E2F000-memory.dmp

                                                              Filesize

                                                              60KB

                                                            • memory/5140-1513-0x0000000000400000-0x000000000042F000-memory.dmp

                                                              Filesize

                                                              188KB

                                                            • memory/5140-1546-0x0000000000400000-0x000000000042F000-memory.dmp

                                                              Filesize

                                                              188KB

                                                            • memory/5140-1693-0x0000000000400000-0x000000000042F000-memory.dmp

                                                              Filesize

                                                              188KB