umbral | hxxps://cdn[.]discordapp[.]com/attachments/1137490198586994751/1140008669132623943/Packed_File[.]rar

Analysis

max time kernel
894s
max time network
895s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03/01/2025, 19:06

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1137490198586994751/1140008669132623943/Packed_File.rar

Score

10^/10

umbral defense_evasion discovery execution spyware stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00290000000462d9-1272.dat	family_umbral
behavioral1/memory/5636-1370-0x00000193C22E0000-0x00000193C2320000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Umbral family
umbral

Command and Scripting Interpreter: PowerShell 1 TTPs 20 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3012	powershell.exe
2168	powershell.exe
6140	powershell.exe
5312	powershell.exe
864	powershell.exe
3476	powershell.exe
3008	powershell.exe
1132	powershell.exe
4712	powershell.exe
1456	powershell.exe
5588	powershell.exe
1216	powershell.exe
4788	powershell.exe
2276	powershell.exe
1140	powershell.exe
3008	powershell.exe
5376	powershell.exe
5768	powershell.exe
6548	powershell.exe
5384	powershell.exe

Downloads MZ/PE file

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	SynapseX.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	SynapseX.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	SynapseX.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	SynapseX.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	SynapseX.exe

Executes dropped EXE 9 IoCs

pid	Process
5636	SynapseX.exe
5552	SynapseX.exe
4136	SynapseX.exe
5332	SynapseX.exe
5832	SynapseX.exe
5296	SynapseX.exe
2292	Neoblox.exe
1508	Neoblox.exe
1676	Neoblox.exe

Loads dropped DLL 24 IoCs

pid	Process
2292	Neoblox.exe
2292	Neoblox.exe
2292	Neoblox.exe
2292	Neoblox.exe
2292	Neoblox.exe
2292	Neoblox.exe
2292	Neoblox.exe
2292	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 24 IoCs

Web Service

T1102

flow	ioc
228	discord.com
259	raw.githubusercontent.com
315	discord.com
316	discord.com
344	camo.githubusercontent.com
345	camo.githubusercontent.com
182	raw.githubusercontent.com
187	raw.githubusercontent.com
347	camo.githubusercontent.com
275	discord.com
276	discord.com
183	raw.githubusercontent.com
227	discord.com
186	raw.githubusercontent.com
260	raw.githubusercontent.com
268	discord.com
184	raw.githubusercontent.com
185	raw.githubusercontent.com
261	raw.githubusercontent.com
269	discord.com
343	camo.githubusercontent.com
346	camo.githubusercontent.com
244	discord.com
245	discord.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
312	ip-api.com
104	ip-api.com
241	ip-api.com
265	ip-api.com
272	ip-api.com

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\SynapseX.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3556	2292	WerFault.exe	289
6452	1508	WerFault.exe	293
2884	1676	WerFault.exe	296

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Neoblox.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	neobloxBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Neoblox.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Neoblox.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 10 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5360	cmd.exe
4972	PING.EXE
1408	cmd.exe
896	PING.EXE
3164	cmd.exe
5136	PING.EXE
6964	PING.EXE
5700	cmd.exe
5132	PING.EXE
928	cmd.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Detects videocard installed 1 TTPs 5 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
1216	wmic.exe
1636	wmic.exe
3656	wmic.exe
5256	wmic.exe
6804	wmic.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	Neoblox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Internet Explorer\IESettingSync	Neoblox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Internet Explorer\IESettingSync	Neoblox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Neoblox.exe = "11001"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Internet Explorer\IESettingSync	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Neoblox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Neoblox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Neoblox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	Neoblox.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "108"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133804047742614264"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\NodeSlot = "14"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\2	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "15"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\SynapseX.exe:Zone.Identifier	firefox.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\8GJ88.scr\:Zone.Identifier:$DATA	SynapseX.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Lqgdi.scr\:Zone.Identifier:$DATA	SynapseX.exe
File created	C:\Users\Admin\Downloads\Neoblox_Bootstrapper.zip:Zone.Identifier	firefox.exe

Runs ping.exe 1 TTPs 5 IoCs

Remote System Discovery

T1018

pid	Process
5132	PING.EXE
5136	PING.EXE
4972	PING.EXE
6964	PING.EXE
896	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3052	chrome.exe
3052	chrome.exe
5880	wmic.exe
5880	wmic.exe
5880	wmic.exe
5880	wmic.exe
5636	SynapseX.exe
5636	SynapseX.exe
3012	powershell.exe
3012	powershell.exe
3012	powershell.exe
3476	powershell.exe
3476	powershell.exe
3476	powershell.exe
5376	powershell.exe
5376	powershell.exe
5376	powershell.exe
5412	powershell.exe
5412	powershell.exe
5412	powershell.exe
4820	chrome.exe
4820	chrome.exe
3752	wmic.exe
3752	wmic.exe
3752	wmic.exe
3752	wmic.exe
888	wmic.exe
888	wmic.exe
888	wmic.exe
888	wmic.exe
1392	wmic.exe
1392	wmic.exe
1392	wmic.exe
1392	wmic.exe
4788	powershell.exe
4788	powershell.exe
4788	powershell.exe
1216	wmic.exe
1216	wmic.exe
1216	wmic.exe
1216	wmic.exe
4820	chrome.exe
4820	chrome.exe
5324	wmic.exe
5324	wmic.exe
5324	wmic.exe
5324	wmic.exe
5552	SynapseX.exe
5552	SynapseX.exe
2168	powershell.exe
2168	powershell.exe
2168	powershell.exe
3008	powershell.exe
3008	powershell.exe
3008	powershell.exe
2276	powershell.exe
2276	powershell.exe
2276	powershell.exe
5156	powershell.exe
5156	powershell.exe
5156	powershell.exe
5384	wmic.exe
5384	wmic.exe
5384	wmic.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3620	firefox.exe
5792	msinfo32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe
Token: SeShutdownPrivilege	3052	chrome.exe
Token: SeCreatePagefilePrivilege	3052	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3052	chrome.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
2624	SecHealthUI.exe
6900	OpenWith.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
2292	Neoblox.exe
2292	Neoblox.exe
1508	Neoblox.exe
1508	Neoblox.exe
1676	Neoblox.exe
1676	Neoblox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
3620	firefox.exe
5320	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 336	3052	chrome.exe	81
PID 3052 wrote to memory of 336	3052	chrome.exe	81
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 3748	3052	chrome.exe	82
PID 3052 wrote to memory of 4544	3052	chrome.exe	83
PID 3052 wrote to memory of 4544	3052	chrome.exe	83
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84
PID 3052 wrote to memory of 1664	3052	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 5 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5532	attrib.exe
3028	attrib.exe
5132	attrib.exe
5008	attrib.exe
6272	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1137490198586994751/1140008669132623943/Packed_File.rar
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffa9786cc40,0x7ffa9786cc4c,0x7ffa9786cc58
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1592,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3680,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4844,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5040,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3252,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5092,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3244,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5352,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5500,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5516,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5428,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5024,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5772,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:1652
- C:\Users\Admin\Downloads\SynapseX.exe
  "C:\Users\Admin\Downloads\SynapseX.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:5332
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5540
- - C:\Windows\SYSTEM32\attrib.exe
    "attrib.exe" +h +s "C:\Users\Admin\Downloads\SynapseX.exe"
    3⤵
    - Views/modifies file attributes
    PID:5132
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\SynapseX.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:6140
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1456
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1140
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    PID:888
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" os get Caption
    3⤵
    PID:5256
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1456
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" computersystem get totalphysicalmemory
    3⤵
    PID:5832
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:5540
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:2620
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5588
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic" path win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:3656
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\SynapseX.exe" && pause
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:928
  - - C:\Windows\system32\PING.EXE
      ping localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5828,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:996
- C:\Users\Admin\Downloads\SynapseX.exe
  "C:\Users\Admin\Downloads\SynapseX.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:5832
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5200
- - C:\Windows\SYSTEM32\attrib.exe
    "attrib.exe" +h +s "C:\Users\Admin\Downloads\SynapseX.exe"
    3⤵
    - Views/modifies file attributes
    PID:5008
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\SynapseX.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5312
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3008
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1132
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    PID:5344
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:5132
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" os get Caption
    3⤵
    PID:4680
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" computersystem get totalphysicalmemory
    3⤵
    PID:728
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:3172
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1216
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic" path win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:5256
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\SynapseX.exe" && pause
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5360
  - - C:\Windows\system32\PING.EXE
      ping localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:4972
- C:\Users\Admin\Downloads\SynapseX.exe
  "C:\Users\Admin\Downloads\SynapseX.exe"
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=1732,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5768,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5788,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3380,i,15084426954482062134,7023215538155929329,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:6728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3752
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cdd1df6-22a3-4842-88b6-7c29888b759d} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" gpu
    3⤵
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33ba5295-c571-4508-b2cc-63cf46ce11ca} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" socket
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1588 -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3112 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1056 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {869e0206-d0eb-4dae-8248-e432b59350ed} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab
    3⤵
    PID:1600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2824 -childID 2 -isForBrowser -prefsHandle 1576 -prefMapHandle 3148 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1056 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb3a77d4-f63a-42d4-a2bf-853fd58c8360} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab
    3⤵
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4692 -prefMapHandle 4696 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb0afb31-4f0e-4f08-9459-d4f909d5f511} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" utility
    3⤵
    - Checks processor information in registry
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 5148 -prefMapHandle 5164 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1056 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {711afd34-7e80-421d-827f-b3aa863291f7} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab
    3⤵
    PID:5892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5312 -prefMapHandle 5184 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1056 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9af782d-6bd4-4bd7-9e59-f2a9bd8cb126} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5588 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1056 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24ce429a-fd48-4beb-b9c3-58dcbe5ce022} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -childID 6 -isForBrowser -prefsHandle 3356 -prefMapHandle 3372 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1056 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {322aaa57-0b7f-400d-abe5-db8ad3e60639} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab
    3⤵
    PID:5788
- - C:\Users\Admin\Downloads\SynapseX.exe
    "C:\Users\Admin\Downloads\SynapseX.exe"
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:5636
  - - C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5880
  - - C:\Windows\SYSTEM32\attrib.exe
      "attrib.exe" +h +s "C:\Users\Admin\Downloads\SynapseX.exe"
      4⤵
      Views/modifies file attributes
      PID:5532
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\SynapseX.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:3012
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:3476
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:5376
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5412
  - - C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" os get Caption
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3752
  - - C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" computersystem get totalphysicalmemory
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:888
  - - C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1392
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:4788
  - - C:\Windows\System32\Wbem\wmic.exe
      "wmic" path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious behavior: EnumeratesProcesses
      PID:1216
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\SynapseX.exe" && pause
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5700
    - - C:\Windows\system32\PING.EXE
        
        ping localhost
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6968 -childID 7 -isForBrowser -prefsHandle 7020 -prefMapHandle 3040 -prefsLen 28140 -prefMapSize 244658 -jsInitHandle 1056 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1475df-ebfc-4474-8488-ab3f27bbb223} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab
    3⤵
    PID:4732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5308

C:\Users\Admin\Downloads\SynapseX.exe
"C:\Users\Admin\Downloads\SynapseX.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5552
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5324
- C:\Windows\SYSTEM32\attrib.exe
  "attrib.exe" +h +s "C:\Users\Admin\Downloads\SynapseX.exe"
  2⤵
  - Views/modifies file attributes
  PID:3028
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\SynapseX.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" os get Caption
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" computersystem get totalphysicalmemory
  2⤵
  PID:5540
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5272
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4712
- C:\Windows\System32\Wbem\wmic.exe
  "wmic" path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:1636
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\SynapseX.exe" && pause
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3164
- - C:\Windows\system32\PING.EXE
    ping localhost
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:5132

C:\Users\Admin\Downloads\SynapseX.exe
"C:\Users\Admin\Downloads\SynapseX.exe"
1⤵
- Executes dropped EXE
PID:4136

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4788

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1736

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:3556

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:820

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:6232

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:6260

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6900

C:\Users\Admin\Downloads\Synapse-X-Cracked-main\Synapse-X-Cracked-main\SynapseX.exe
"C:\Users\Admin\Downloads\Synapse-X-Cracked-main\Synapse-X-Cracked-main\SynapseX.exe"
1⤵
- Drops file in Drivers directory
PID:7068
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:7156
- C:\Windows\SYSTEM32\attrib.exe
  "attrib.exe" +h +s "C:\Users\Admin\Downloads\Synapse-X-Cracked-main\Synapse-X-Cracked-main\SynapseX.exe"
  2⤵
  - Views/modifies file attributes
  PID:6272
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Synapse-X-Cracked-main\Synapse-X-Cracked-main\SynapseX.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:864
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5768
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6548
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  PID:3220
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" os get Caption
  2⤵
  PID:6312
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" computersystem get totalphysicalmemory
  2⤵
  PID:5560
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5876
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5384
- C:\Windows\System32\Wbem\wmic.exe
  "wmic" path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:6804
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\Synapse-X-Cracked-main\Synapse-X-Cracked-main\SynapseX.exe" && pause
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1408
- - C:\Windows\system32\PING.EXE
    ping localhost
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:6964

C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\neobloxBootstrapper.exe
"C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\neobloxBootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6124

C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\Neoblox\Neoblox.exe
"C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\Neoblox\Neoblox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2292
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 2228
  2⤵
  - Program crash
  PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2292 -ip 2292
1⤵
PID:6888

C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\Neoblox\Neoblox.exe
"C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\Neoblox\Neoblox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 2188
  2⤵
  - Program crash
  PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1508 -ip 1508
1⤵
PID:6488

C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\Neoblox\Neoblox.exe
"C:\Users\Admin\Downloads\Neoblox_Bootstrapper\Neoblox_Bootstrapper\Neoblox\Neoblox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 2196
  2⤵
  - Program crash
  PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1676 -ip 1676
1⤵
PID:5444

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:6720

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:6896

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:5792

C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\servicing\TrustedInstaller.exe"
1⤵
PID:1996

C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\servicing\TrustedInstaller.exe"
1⤵
PID:5396

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39ab055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:6880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:5212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:2080

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:4600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e7f73f7a2b6d09709048221c96673de5

SHA1
cbc00c6ed988cfc325e6415380e2692f769331eb

SHA256
17db4938bd28375f43306ae40ccfc49245b8904cc3abf78c5d7964caac656076

SHA512
eb248e52570c857004e73ff372865c801410f648658d0fa8976e4f42e772ee816dd51bd357b29345cdc25c6d65eadcaf1befe5a14406c4c63e3bb702f47ed26d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
20KB

MD5
b9cc0ef4a29635e419fcb41bb1d2167b

SHA1
541b72c6f924baacea552536391d0f16f76e06c4

SHA256
6fded6ba2dd0fc337db3615f6c19065af5c62fcd092e19ca2c398d9b71cd84bf

SHA512
f0f1a0f4f8df4268732946d4d720da1f5567660d31757d0fc5e44bf1264dfa746092a557417d56c8a167e30b461b8d376b92fbe0931012121fac2558d52c662e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
94KB

MD5
547dc9c49a1cd73ab654e4c2f7a35423

SHA1
afa85e3306d5c47f94e2f468870da632d2ec6fa2

SHA256
c3f8e383a54f245b844822accaa146c969da9f5b44579b21d34497d871224a06

SHA512
c3a54f4fcd41f283e7a688b6dd0dcb083d7e01412163d398791b641ec2919c28f0a8fd480a706d14934fb3f4a3dc3894f5fc26367840892088ccb685c20ed003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ada862172a1e3026aaa11d6e30b12319

SHA1
921c1d2a6434263c5e0c0ab939138773feb6f21c

SHA256
061d11fe8d7adc2e00ec7e5682b03fafeb12a352724321834e0825981d683292

SHA512
80d290f382de3f7b464b6981c7bdcead0bb112954feecbe6a9115612a4396be0548b2e3be96c8c61c382e0b67def3ec7c3e25e57f630f00e1d0832bc036d02b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2eace3810eddd4c50f50e4ffdee2edd4

SHA1
2d1bd633ca38f4a69ca8658b3e9eddeb696a706f

SHA256
d999056b8f58d7039543ff8e541d5c2b9ea63bd4acdcc4d6e45aad78ad7829a4

SHA512
8556c7c469d0421a8a1d53007090a8bd93cbc96eb2d36c172bc364e0afb7b53e74848782f654278c082e943333abaaba5d576ffcefd1809d960aa7649248d7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
448e008b3983add868ed5e13efe79f84

SHA1
384f13e8cd2c8b922bcb70a9ab76f56452083661

SHA256
a744ceed766fc2bc279bbfbc30b40fe78686759a6b3ef7a2a2716d25d6877197

SHA512
7148e64e9e42e1bbeefdf4779c9822b10ed704c0f6864aed197c3a08dbf1c7997d0735aed454a9efb6590fb3877b02701b67531255c62caaaae56ac0bc48bb6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
20805f3ec92d95434d66c2c6ad0ebf32

SHA1
c3b9832eeaf0a3648582e8ffe4b5ad56d739c5a3

SHA256
57c1f6c1d221424f2f829f62a6b15c1f2e3a39b2c0b0c0c1952d52669ffbe9ea

SHA512
633d815c5179c41c64f8ff40a2ae5d417908d7569d4bb30c0989d1d4bbe8c88397b83dd360092543c503663b1eca1cc0a566ca02e66e091c8163f5c875c8e545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
896cf53c6d72ff130409267e6bfc2dee

SHA1
2135b5284acf22f82bff1680fddd78b6272bdeac

SHA256
9daf9c61fc1acb45fb94d092a1d75211cd5b89797964e9d5845731c66d083836

SHA512
f506577a6a0b7425171f955aa64e15a3f2b8be4de72024ab5e18d9845a3ce1330e2ff816a8737c3ab527b99cf05dade648800f864a74e4f0a45030b13092bdf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
24KB

MD5
c2df48e3357d8156b0b135cd787256bb

SHA1
e60676944eb4ab3d135a782bf8a3cac510dca5ca

SHA256
4e83246a8094612997f317340b7d4c7982a28072f720dcc7e548c29aa94744b9

SHA512
6fe0bd7f75d53ad34963b1b7a9017e4cecf7ee201864ce71626f3364b3b96c2124b59838f46b9c4c814c537a07ca30d0671401fc1f7de13cad8917fcdb18eef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
40KB

MD5
ddb29cf929a7a79ce65217f7988b2bd6

SHA1
65d96791f26a8c731bb835c1057d9743799c7da6

SHA256
9eb59a53493f0e1e102ea031b4284a5042df9e69205239649f70b179413ad664

SHA512
b0d3138734f06fe52b87a67ec7227a5458d0223485d21ee8a6d93625fd957ba46daeacc2d732ecdd933109d9128e85b9d4e80390428219612d633222d6f89170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3a991fc09069b0eea5e747ae76f57690

SHA1
7a15b9241cf991e1a548166ecf1680d7321973a4

SHA256
b007d86f478d2f6bfcb4c2c1da23c62f545d3cb2d5ea79423018a556876f15c7

SHA512
ea06c7cf9cc452d822da4f2067a15b805912f86d8c13b32dfb7c007bc1b0af95a08a087ee7bdccbb36f7be89e88dcc9c04e7389fbf6d15cfb10a34754fecb90f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ccb6ccfeb38d6a821cc8bd9882ff18e0

SHA1
4791a36ab70273b083ad7cf9816ce0eaf8173784

SHA256
64acf702d4a719d1639e1595a90dd8f1073f7c0a1ba3ca7fbdaf32afa00d7153

SHA512
e63cc110f831a91578054087150ca1fa56d9851aeebf0dfdd93ee40633cb7ed2b0dd4a911db9ba769b08de8db018fe84edc72698bde4019582ff9717783f8a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
00aaa763195ca9a963eb3da9f235f1ed

SHA1
1af8458071e3a0225dec316331d04d94190b9cc1

SHA256
bcd5e0fe0ea065435b5feb2bd7e3d4a5b6ce261581fca4e59d56a83317a48b68

SHA512
7990301d0bb57db229f005a35edf859e43f1e35cdf5396829724e2e68fc5a84f041229bb036681e00e4a9ab44e387a7c8d7de4cecba77006cc5ee74e1d93ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
816bb7f5c8463a03bab490254da4261f

SHA1
fefb7da323b13ea440a8260a4093c4746698fb0e

SHA256
932017bd5a555029afd2cb24bd357cb566949e77fe42dfb72e37db2985474097

SHA512
54dd3534720e501ab42e3736ff61b8198b62bb44bb18c58a5934d8a35cfbb53308fea1a35f02e59e6e046b6705050cdb3ccf652f26e23cfe54c28c9304b7f3a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d259a445cb0052eb10c0df3984058cac

SHA1
2f731654c7a4c55569878855878c666761dcfdc5

SHA256
8f985c4fe7a5c90ddd2f85f5d97ade4c4fe51b16c1716130e14b49ee4aa5709a

SHA512
c1c8eb664a9cad2f8a065c239041a9ae1de4467b2578cfd628266084dfddf60d93dcdce4b0bf507dabbe873c09f565381ee4c827ae8e0e5ee970dc51e191392d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
873a9c6eae613b79e31eaa779f875034

SHA1
db6fb5bacd2b77538030b63dfafba26a9a97278d

SHA256
9e58eaeb044c1b9cfca2d55affc8f99d8804c4bad774d10551d6f70d74135d2c

SHA512
8ec31866af0f435df81d95eae8ac6050ba47c684c4a5715ff8c829a7a09812e368f504c685da510e4dedbf31b9e61404be82b16b2dbf429a2f23bd60dcfb942b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
97a486fa92597cc9e8cf04fca1f514db

SHA1
4a7d31b0831ba34036bc875a7842a12f100ce61a

SHA256
811f12148651aa29a59c272d9be97784187593f09d471b7f40b8c5fd3fbcdb17

SHA512
30c37fb14346b54947fe876f36b6f1340fb32d00f1c67929013cde45071f44f73bb78f3ab9e8a5eee7ab50c35f7619c5eb11072d00b4b5686f5815ed22a2d3e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9b9170e390c3fcb99b58d4b38b1cc1ad

SHA1
a13345ebd44917b8a5e80f29e6e099687cfefdab

SHA256
7509cc6a82fd03fa943c004b5b2d928a0794f7594a148ae87a14e41632dd2231

SHA512
b68b7d64a8b58890ad4888919e3990d7999d32d94ba61967e047be6d340f771cffb5781fa5da16e764d8f68a70c4ffc01d31833015553c6b8e6a11b759ebdc9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ec56112621cd8bcaf8960e1dd556b2e

SHA1
7daaa5da05f83bf7af43be3f15c029f93ada782d

SHA256
cacc929294c846255d1e93814fc926ceec3e10c049589f424316f0aa638dad3f

SHA512
2f37875b3a6c02c1d73fd8c94f851c5f97db36c14b659df376cbfc726826fe3b96b6142b14f615b5508f58f5d71102d8eca93a37a3d7f7771d8932b06eda3882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f0bbfdb9c194538f919c7c35e77e310c

SHA1
0244c26105399cbc50f540229c851d271de97ee9

SHA256
104f881a79672a077704c73b758fab96f788ebd473502221f737f7812f60cd16

SHA512
d8be3c430dd4244ee9b364c2c39d9df628d4c6140a26a0aa6b78aee2b89f7ad78cfa6e3c4d7d929f2f36bdb786ee8c8561b7da265434361363908d20664ddc10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a689a419e3abaed089881777bf4e6403

SHA1
109ee6d06d141b60f6b9e67f3989d0159f48453c

SHA256
adaa42b805a5e6f53ac33c36d9afc348b573cb1b8f9188d402f9255637c8dd83

SHA512
6e884326398bd16d9849f53d835e8350f54e99889413e3fcfa08e7d555f4110aeb2fa522d099c00c58ce3b102c82b3f24b71545341e1be8bb2343d71cdf2d00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08b1f4d19921c5f785ef9f514ec84df6

SHA1
7299a589615972dc7cb7d437a3d5bbf955322d6b

SHA256
ef31b3c95d3c039ef0d1b0a58fc68f741c21e96fd81b84290693a01ab4915941

SHA512
2c89fc1a7c1c5d306786334e0051ff49a11e4f7e1e5c721dc4cc842ad4b3c101ee6defc0f7e20b3aadb1067c49cc64bbce1c198866e6ce6157d025eaaa1ffb4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb4905e07e50eb5249f97f419251a9cf

SHA1
7a632a327b780450a703b2d0da95880a5ecffb08

SHA256
f06476a493b0c183ed53e0f67608ccd2ec3cd746f369b45c1606babcf4962c71

SHA512
9a1de610b54e0567e7f847799e65a6185ca5fd8d40c92776727a631dd8d7c1289a21de3d1a5322a71c044caf95d58608a1d5a00734648157d4daaf00cbb8a81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae36b9a86c4eca9d5ad32bf11aea4cc4

SHA1
1ba0ac5a1b50c8bd267ab9a3dd1eaad7f04884b9

SHA256
96a61f3816a36732d77628cad8809d0a2544ce18930526cee73d28ed8787db33

SHA512
f417a8e95d7f75aafb34a140e55aafc5789536c46c4be4b6ae95ad01f564790bf416b7aeccff3e3c8c9d4f2e825c8b0af9545043bf573f24dc590f699b473ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cdb8de6bfadf04e5addec1fdd42f4439

SHA1
62e33e13f741434695b952c28d00dafbd877419a

SHA256
e7b8f0d85ae5096b6c31741bfa172f1572ca0437e0a78d6451918684705261df

SHA512
34bb7f6bdad2ba686df93a756caece64ba108369c2f0e3e9b64b079d6a1212248727ebb0ec3bf504cc9a7c430b642f0e7c3abb2d13f8548a27cc5ee93629a008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
a2f714e05092e14fb26a4afd5365c59a

SHA1
98187d0299fa41f7e76de56ef11735b254967c08

SHA256
de01d340ed65c502854705bdd3b851ca99573ef5a3fc5ec507fb0ed5571c94ef

SHA512
5c552b8e2c00d20171143ba6051a658421c092b312db43fdcb098e962a60ac325224c319901348fbda5bb10c328ed550d675b99525131c8d00783db90ed440c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
13e8524e7217ba863ac2600e5ba2f294

SHA1
2e42984089324633ececb35fed7e49adf1cfe7fa

SHA256
fe7cf292ffc8c54892dcd3878717766fa38a4959c4fdb51772cd8b017ee457e9

SHA512
2196093d47f48b346bb79c56480a6e9121db01217d5460eee74c6886b826fdd828997f970ce22dab05567c1b49cf06cb8e2e06d071599b3cecc34ac05ad6a022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7cfa7c646cc3e7d644e3516cb500ee8

SHA1
8f91cbed70a835bcd720e6d9175c138f08edc3e3

SHA256
d9e81652a271bd8cfb0a2b24eaf36e64757084b114eb5c46b44d05d55b3d58fc

SHA512
48112359b5dc0a505ee8ff06b1917777cf959a9cfc4c8ad65b3cfb6da14db2df72f20d044dede5b8fa4df1de6a420cab4e3a2645fdd6b6c084006566e0ef30b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ddf6eadee36926a0dd72429c683f5aec

SHA1
67ae3493e652e7462238c65b383261cd43db4cc8

SHA256
64d76b2fe876db444fb5fba3cb31502fb4667ff93b1916e0cd2f6444482a877d

SHA512
49e946fa19e27e1bf49603d6cacafe938707e1ab90b8e89ff7e637f4820172115a9b2c11138bf6e084da37ab87aa9846a351a2e022ff9f35c8b069021971255b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
79423e1d604ac340b3ed9c02967bf4fa

SHA1
667644513c104cec407754115f03e1330858430d

SHA256
07e742195f78f9e4a49cf04212a00e5abe6ce66258674abbb02c8198a2a5bbb3

SHA512
c9fb2e43545c3a3fcc37d2237137cbe3f481ff56ce9ceef2df0fc31cb52431c4cbcf9b1acc1bb0a7db5a1b76419326d05de633d4128ac7dca792f595d41e2a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2b91e04ee2d9661bd07263d46fc6e39c

SHA1
cace275f1dcc8053ad77072720bd1daa1f6c0bd5

SHA256
e54c6da59aa78209a710dd81ebbaafa1354211e218cc5ab60b76698f71b07b2a

SHA512
b742ad174b375c0e590e3606e715d49f4dc8c128d73aaa71440ba810572b046d19d6e54330d0f70366d303fa6adade74e49274c15671efa5d17e355fd6ebefd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7e8950b3368bedb02b5d68ba61f78b35

SHA1
4a616df6b0663cb21d118e5d07a4c57913e2a9d5

SHA256
42970ac677e8cac974fd0578c7d42687d1aef9307885e6f78b66e35764408096

SHA512
5d7abf719f697af98bc4048cb848668a65e6a163eb10d927696f1047aa402a033dee6968af4d672013e216f64fd64a81c9bbea6c64b4ae83884d3cca02bcb0f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2866adac92cde39d76eec06696e7c807

SHA1
d704e0d05ac092bd8903a7668d1c92b39ded35cf

SHA256
ab512dbc3416979fb41eca49646e45d1381a1ea5398a65b7b8aefa2dec4a81fd

SHA512
1647938ce20e9bc10e3bbf454d380b7b937939d50913bc38f2e4e50c280e46f6134c89b305a907a44d65d26737b4b1ff01351bfc60a5551705183a2d2d6eaafb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9fef027b59d12c6ca183a9d83ae81f34

SHA1
77cd8d313ba645a8c54317f67a1d60dc2968a0e7

SHA256
8525fafd9abb6f794669429ae19875e491671e70ed229ed06bb7ffef282e9e56

SHA512
7d35ddaa155aee6261ecb089a4c82fb0f2ebe03267685664c49d50b43f426a2f870bb6d527c76ed6c3b29ee71df3e17eaa93a42f1a7082d28755a9c13654e6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
be0e183d9da207ef972648c12bf92efc

SHA1
095ef6655a5a09dfaac3ecea6b1a8c8b3ac932f9

SHA256
b95495c52cde20936408ecc489097188c93d631cdcc717e85bdecb54634b90ce

SHA512
c8e578e462cb0585a97d600bdd55cd0e32d0e8a8c2bd61ace430c3e81851954510f8dd21f3820492322c328c797e3c996b246f2971a20b13a2ffdaee7112a7f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d88c6469e6bdf7d07e14357f58a17bef

SHA1
ee03548ca6ae76fa020ca58a9095ee872d97a023

SHA256
18b182b23de3204c630b1a5561fb6d688398d8a003b770471ebc10fb18539677

SHA512
a05a0260eb0d0a6935265aaae41951c62076048defd67e960b51f7e8086e5b3b7f440638774814d18f3473b87a9937d3c2b0d9401049f1791efc0c4f97cf1cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7bdc3b1ea0d52573a41a8fb039b7cb91

SHA1
0544b0999794f8bdfdd8f47a5615f89c1301ad7c

SHA256
9210e430bcd7e3a7551b642dd08ebdcab308c36a9aa9cf65e90153823ce1d58e

SHA512
81321a959569a578f792a4fc87bf45630bed572d9bd893f01ce7e3bf2b7b231b8aa66715560d85f5c43e39bbcaac168f90b6f2a174dbdb544d6e1e6d57d52556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bf3ce833aea21b101f55a511937ed223

SHA1
d8de373decffddab1480ace729b7daf1d487efe9

SHA256
a4b0c4b04529ebfd151f9a7790b871dc5586714c8a8a59f053bb2956b7d37d8e

SHA512
300ccdf25a91c65aa4569683380aadcb628a0122d35be5fa57a3c69be5ac63bde1c114faa829872a363ce36c436043a41d79a3692c7b6fdadea5ca2de2e11a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fd25fdfc00688e7442aec4e9d34d76d6

SHA1
df7ab222f3b1b62c95db462f785cf08167c0bcfb

SHA256
5913e4abd8f9835f0b29d6f13cd371deae40e1e115c20eea47351b28d508462a

SHA512
98ec4e5969b3e5b29b5c36ae0702d7d730d2d3d95218b178826bc51bbdd3272610935e9dc5adc63cc35115ab8e011b9df487d3fdb2994c5a662d1a652b58ee96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f35f9a389531faa7d832bd6e0908cc3a

SHA1
36524deef1997f8332955b8c39ff5f0bc2242770

SHA256
935b402561a34bb2252a6651b8e3861e61209e5ab8c0754834b91986438312fc

SHA512
c44c8bdc169295ce9046be59b3585537fd03da68b72281c78f5d5f7d9e80b52db5815cd811007866a7719694b185d104cbbd8c0795f39e754184ccb168259a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c4b2007550642050b14874c368e6c5f

SHA1
ba78c4e12442a2e2cd85c39b6ebff621f3be09a2

SHA256
5febd887be95f941bf33e1ef80a033ec10ea04af55733c662325a631f06d8629

SHA512
3a98bf52512900d97d92e86d9ec646b2ed653d5e74f61aad0abdcabc5ddc30289db6b2bdf1173ac391181a022c902d71d19dcc8aa1be05e4d6a2e62da18b1e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7f5d5abae49a8b74f2387a2845751716

SHA1
aeb96a19af67f19d8433c2567fdc1e030d23d764

SHA256
d2d54275784ed2cdbdd5d98798027bbba5b3817ce26079f8f1cd5f27c4ca5717

SHA512
7c91b1f16040b74372b40aa24c72397e42cdbb16970c3a32ac0f45df9eb15141732f9f367c04f540fed45a9368f08ee5501ddecb59668f04931656873927f4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9f03c1887b11de335e84722837a76dd2

SHA1
e43385525cc7f86d3f61fac3e0c38070de655454

SHA256
4354e2402ead3cf1a9423e8896b0dfb1ad66a0aa1a0e2f610f76ca007944f444

SHA512
ab1f2cb32dd04f50f18e43e7f32874c13b8de5ed843fa71e73c6b7c36a557716a8a4f1781e5cfbed13b71fdc07e5554a82d6422cc96f7cd4a8a7f5562ac3b858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
551d288d0a5b50b4f3f000de4a54bdd2

SHA1
ebac71490ccae5b82aea08e99c9dbf9f1ce03842

SHA256
f4536c24e0157f769dec16b731620a3421bf0caa96ae19c52b0b423c349c2ec5

SHA512
b5a6f244ae382470f3c87d1ce5250ce4540b57751bbbdc198b23a8a66e3050ac6c812b340d785042a85c3d352dbbeef53e76d653018cb1cda4285d11deba6dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
074e7f243d66289db6c2106c5dc694a8

SHA1
89f5400f7fdf58b460f69ab49bb958c96137f001

SHA256
66307f4d97457307656a34e8f3eefbd7c59893e5342854ebbd2175636c490626

SHA512
bf43a04539dcefd1131cd54a046dbcc2fe3d389850f8ff8e0d4260059b9f5c882ba240b578817b58acbf5d8d70aad2e0d56ab37719f8b8692949d2d6e240bca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1d092b993272ec983c88b090a7cc0bcb

SHA1
443c333688ed692f6a6cdf7dc6f5dc1fa3dd0023

SHA256
91af4df0ddb0daf131b082a11f60e25ea82c29da3c28f8ed0e12902630f5a0e7

SHA512
8156801ee2f9148ed1ea124d301d542aed4a5e3daca6baff87541143ecf9be9a130f2ca59b93f8bcc979c58571c035286a7040335688f33264fb4624f999a0d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fcf0694fbd017339bd226fb5c97972ed

SHA1
e3f41471b1ff83d318e8fe92607ad9e0ab8b1a67

SHA256
bccf67efafb2d3347c415bdbb8fdd47e6407732067766294367c16a0e86b72bf

SHA512
348fccb9042a33d38113d9ab19a09223d4f9b2c7e36bd446da86c744873629a1a98a88ef8cea8d8a4ce14624fd213fbb0524ce193abbddf06ce537ba291de4c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1d76ff4460bb17a66f22d084b34b6475

SHA1
808aa2947d2ca8570d2d2a1144f1736f1f9313a7

SHA256
4c95bc228ffbddad8aabad8463cfcafa0098d6e6f18794177ba3a2b62da11485

SHA512
46fcddd15cc473815b62d5e480830b2b9412bed24bea1ff203e49d9e50b58becabe5e4294bb320a98333bd68947d81295dce6522cf28cc6e9d23a9fc1a6a498f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d3890077e3e18a7728a33537a94e83f2

SHA1
832c7cde4584db5a363bd97dab3af41862ce6590

SHA256
f9b0d1e93e34f6406d10f8f246284b71b7e3253d98e5d7d3385d7b88e80eacde

SHA512
6451885789d51351667c3c0b0dbb90b3cdbed2decd30e43ce0d3972d89e4b8fef08e54e146e0856a94911c6e06f6ad2c444aa47b2f6a8d3b67d8d2049eb2c4fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7a541d540aa28205ba6481232719a79c

SHA1
101302e7bf6588d67d196d9b971d2d79065f50cc

SHA256
7d9d0d1ee192036374caad75b0ec0ad0d4e1b4f69123d8db81a4cab677436bb0

SHA512
c0d5497cc72ffdcfe2695e7388e1ec28409cc8f52d390a0a8e234b3dfe89fb14ee7ede200803095ce6b20a36883b528f1abb36b996ec1ef5c7030b2917fa702a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ac36f6203ba85f25a6b5d4801b49059

SHA1
b9fa2a208562eb36e763244353808f3fbe65c1ef

SHA256
f49137c533f6f870e6c5f6de56b9d82a57f8589cdb56222d3b7326a62b2e5214

SHA512
fa0245301c06d4c9930e570e6eda4e979c3969c78542acec5ee4c62040f6dca86547807157e52b15037b59e67acdbe0d0d601977f6e5345c24fb4ae509f9f1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7899ad2423d526549a37ed7a931638f2

SHA1
37ee36b786fbffdbc949e934e464c4962a8dbadc

SHA256
d000fa78d3fdf48de9c48bb9b69b58d69e2cd443d62915daa79f7b7bb33e4695

SHA512
2b950d184f28b9792b30ac6697a4688a6abaea0e4ba2cedeff6644168896f3e4bc411889575b3b0356a1fae790f1162dddc8298a1dca33ccc1cf5dba192ee9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ba4195c72732db4682d702ffa143034

SHA1
4f58593e67148b76b887fbadd6d5d0ecc7760acd

SHA256
6a82ccacb86ccb0abe7b779ca3769d88eadbc9fd76bf9b8a51131968fbd22c25

SHA512
5306c8ba53b52178bc391fd97553f775de0486eec6761656ca999a945f5af5019095fefb31f9bd610188e7bc5e0ff606e5baab3e948c8b6b3a2ad4c32eeb06a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e74d73a5a085b38733d55397e7f12f27

SHA1
34bbd5bc85eee592fabb6f8b2d2584ca2f0f1949

SHA256
68fa84827c2ca9cd2e4e29d14346e37b057cc1ad12d4a4e6b1ea016b36a8e971

SHA512
677ed4552de4fa96a31fb89dcfe59370f788f1cd7219b2121dffca08bf3470fafc7ff4e88d4bfc1d754528ed8578f294a042d42d96696a9e69bcdeeb16f8307b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
592b138a33edcee01c633bdf7b6f0555

SHA1
711712155a50ff220bdf8849452c57e50feb85d7

SHA256
6972a28a290aa00845bfb07c04ac1ee197fd1dbbdde4d52bb5d7ada13a420e74

SHA512
06851ec3c646d14492bb4693827db9a7aefcb5f1059d4bfd1796263ceab30402159a9894e3ae7e0d2caa8078670c0d4f13811dd0cb8a659cd00dc62c5ed225e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8a29566caad18ee0dbb834f43dfab9fc

SHA1
f5177611e523a254a68f4eb6990d6269e161e79a

SHA256
11b636c1df5076b7e858b823c898d232bfa405ce381f8977f582fa04fd686f77

SHA512
6200b6e19dd1a4cc4f1f0d7aae0722ff665e67fd75c31cce84cf484b96c5736102ecae09fec00f81e6e7b5d717dd91eb60c1a1c34df7b1a238921ac6b1cb1211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
36e3969e54c62641a4138c1abeed0730

SHA1
485da0dea1ca68b262eba917f407c78dfaa56027

SHA256
e139bdceb57f79c811a7910a5a63f2ba20e79faf8e00e3dc89508fd5f2daaf41

SHA512
0a216a3bea97a551bd6a4e2c29394ff2b3a031af64319f2bcd45fe09202f8407f958ce93241422db12e84217173fef7dac3eb360eab86ca9a96910a0f5d5fb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06516dcd52735601bf79b25904af92d2

SHA1
0436d01918efa771bc9681fa7a3bef492531f8e2

SHA256
2091a35f4dd3c342625e9396b5ae34a4b9a64415a43fefa7ce5ac75a47ba6d47

SHA512
760e890c7a53dd12e76314dcd8c3e8db90527d6d11a0c39123dc13ebbe7d27b0a05d2d813d8309968cb817a013b05de08da2a763fc45af55c98c44c383cf86a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1d75478dcf53724c6d2f82d94fc9b8fd

SHA1
3e704fa9f6cb9276eaa366b660a52b77543361bf

SHA256
906c3c6d44cca956f9007849121f5dafc75b90b41d3bd46f9d8d9e0bdce48588

SHA512
579c7b3cb337777ba47dec0dbb6f74f4fdfb0141eeb3b8070ae23c265b04d1dadabb0618b8aeab5e7edce8d89a6ae4c55594e1a28ad45b88f88bfea52961f5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
11a56669a9210e380b31c9143cdd00cd

SHA1
918517537e1ce332079c840fb90775c33ae7dbd8

SHA256
127ed59f2324870dd4313cf2768e75264e56501a7368c303311282d4688c3a01

SHA512
aff07a0ebff681b4dc77dd131ea641d79f99db01299ae5e51b4dc762ae17a7c339e43cb970246a6b2fc8f7556bdba13723aa1944295fb4e5f978596e5b5a9acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fe7a55dedb4ddd07bfd0af799a5dd4a8

SHA1
292525c173d10b90a5c8a311b5b5b6d047f236c8

SHA256
e2e032856b09b87582534be04fae7d798977d7c9fb95c541ebdd1586eab1e858

SHA512
90ebbe45c688785bb161a1a25101cffb79ab5bc44659e0f17c362a49a7b61e74419858b777e11f6f72a3764b7765fc79f4469d3cde4bcd5f9683c9fcd7c8b0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
56a2a28592afb36ef7721e988c01f139

SHA1
0fb6798016bf1da6b56b45c8911c0a5f356f2478

SHA256
8533266f4bd232052b89f1f6c61d7b8d6a256dcc4af25a94e330fc55f09379c9

SHA512
b3e3b80be8bfc08743cbd08900ed594ef18b517f5ef01af641434abb4dae6fb43a7161a3723f5ba0d2817f3565a8d176abe9d1890d8923668dbb4346d6cef90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b1cb9fa5d75a21c407e14ad3f5aebb1f

SHA1
3e6e2567e5eb12e70e822fb96eb74e363f5d5236

SHA256
2f99d16f66bb13540fe1420aabdeea3507738c9b409013fbefb7ba20f026f6b5

SHA512
9f99f0bd4d7c3341fa159740d8df198dfc76f3bb2e9daa11def676e0d5bb75ed1650b2c6a4c1e11e002dc71997590f86c694aeddc3a3b33d1eba12faf145b7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f96beb7cf7375b4a74a6ac241cdc7a99

SHA1
40603a59175b37ae2fd0ef4a76305a6639d0d059

SHA256
28da227bb4888b2b62ddd6c713d4138ecaed6b03a06fe5d18160e2a9df7315aa

SHA512
b0c9692e090c2ba84c6914910d52cb94678b3088f1cb0647b33a3c246db50d0c96d0cee8501bb6890f822dc4930b2dd7527d77cca8c7b8b58767a9900c461667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
69a978a0bfbbb065e41a0646d599d49e

SHA1
5e423f016d368204eb1556c80b777746dbfa1970

SHA256
ea1f641879ea28b460c93f7e77ee30544babdebc17b2ced6d4a65c324219df47

SHA512
821c8eaa167121771f502b2e5ccabb0d3894683e9fd179c831115388262ad05b0b94dba927f9e5f5bab6ed01a0624694dee6061c0e3b0d1722f1fc2ee9252fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a2d126f86c5e3658bf386932ae7c3b32

SHA1
11b65463a9b67605a1f6ff59569d7ddb2b2e8fc6

SHA256
f39ea44452eb39a9a06d0c22c44edf9fd2db1ae6764640efe9838af631714e68

SHA512
f72ce51a9cf0ee816086e3db69908a04b3718586e5b3009756be22ede2796077237ce9d6620fa98042037ca45ea10e6047f94c4ef147a72c503e90b132fb10fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2f11ddd73dc45176a2c881687f873737

SHA1
d26f94c40ce9c11945e87eb4ed7042d6eabc28fa

SHA256
39c8cee650e78fffe5381e69d37f0cf4328ee91eb639bcea955428a50684a55e

SHA512
278e8bb9b2f31a3365f729aec43c00bb8c98d3ec1a6394733f55e5ea497cee212d54ca495ea7a928911eb3ff440ad4d2e9e5d550dccc0b40d7950054c368f968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c36bcdb379b78ebe82a86aa1af0bb02

SHA1
00d0ab2a6269fb6f2f8474c97623f3675bf14b1f

SHA256
b83b15daf75636c63a529636bc76b8f7bac93704a099507149ad7aff2e4f5ffb

SHA512
1be73a1ae2bde7a809a17114c3daa3040432337fdb822b24da510233d2db76de5c293df4db428c731275efe2f43c6bb89e96b3597f22cc12a0bca75a28d961f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
101afca7fca859a6c53cd79f835a71f9

SHA1
48e5541f40937a6d265817c8966cd95d3d01ffac

SHA256
24a8bbca0163827b8592afc27b1cc93e1a83c12b7084024d8d0a8388ce8dcfc5

SHA512
0d738e8c2bfc572cee5886d99e6a759b7d72a4c1429fc7af0dec8265e4f9513335071085955a6f0968809347ddd4540053903488133aab638f48fdb256ab1aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ef85e7e9fe5cfc2fe02e3f1e9ff1360d

SHA1
973f343b5fcce9e96423fb1dc52fe72745b3e426

SHA256
ce3e609076ed8986c0f7c99ea0eabca93eadabb044d02e277a73179da274fb2e

SHA512
587199d398fc7021384c9311fe28a482b62527b812fe03ecc5d60611a990bbac9a6c6a6c96de56e3ffc7f344d2354037293ef830f9536333db7b50dbdf6a8477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
de15b87388e473106164c539aeb4c4c6

SHA1
ae511c3bc771c5c2e10f06b237ea0ae6c2f95991

SHA256
118a502e7854ffe1afdee7103805ab6605c82556fe2fc32e1bc1168053a05f86

SHA512
fed94c69fe108adcd56c063694d069e77a529663808486b7dcc66b7d5a311bde2466dc29af69476ca85a37c0b6b913a7c0991810b474bd0010f3fad85aec606e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3a0b4670a0791b3f4656bbf657202b16

SHA1
f1de9ceb7ea6bf880f4f9a987a60cf16fb74ad8f

SHA256
ef43d43519f7b7d0e7f706436895a39783234ff9c43807abf6cc5f6f399716b0

SHA512
fcfdefd5116645352247b7e69c68edd2cd2c7f35dad35f95ce375d5fd0bc2a9b1f8647d715e4c6860608e909a35db78bd3a84ac5d39c348ad9c28a6c0f3baa5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
15a565054dfa29baf70dbf75254c2cce

SHA1
65b7588e5c76189a8027550ecebb806d056a1155

SHA256
20667505237d14f1d2dd638fb7bf66678f2a9f28327175a6da407b6858a71997

SHA512
6155105a75969a99fd40373e158b03de60e4792ddac36b0d4de1d2af46c019abbf09332812e74802373bfd6ded2e368f62b1275fbb46b9986f2fa3dddc854aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9c57e1682805160a5806dbe93ac2d4b0

SHA1
3c216e0a93b08c7fe595f1c7088e3d5aeec0bdb9

SHA256
7765e1e804e8c35829f5f87c85ff385cc267c88b8148c1c74f43c649aeb99bc4

SHA512
d68baf44dd3bedc40b42fa66f79c8f62c409e79822e31b948e39f4e7d89b76a22293d612f8b86bdab93cc77d7d0ac496003dc325a01177ed22141ea2df66b5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
287c3843f690ddc3eac37665b9e58a5c

SHA1
5cb24258e31b576a7825af4dafdd953f3eacc6b5

SHA256
f53cf16d011c15d2ac5a7de5689eca9e04dd054ba40c9e2a9e3db566bd9b7181

SHA512
51aaafbbc4e34396cbb7104adbfbdd9765bcc2c0866d74ec22e38b94d00762fc9cb955407dbb8e9cacaaeab31a8e433bf90c6b9e55249fcd4e9b421bce46bc2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
da87ffc4a9af4f8ee87c79ebe89c762c

SHA1
35c6c959086c1827dc5f2ea248a0d5a8b9c99a3b

SHA256
02a975d887714b92fea3c519548b1c50d959f49e0c4d97e73000378f3af2997a

SHA512
2feb12e68d5638b2e4c0fcd5cc5e9c1e66a13ff16a1c207d8a85b48077348fc6c4593a722f6026ec22a7a3195dd39819f1dbb3024d1ac3acc8a1ea30b33365e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1aa92f39e804ba791f75f7c10377ec43

SHA1
11c986f6c88ab530aee1312e7695b11ea488eb27

SHA256
a846ddf2794abe195893bc348db0257596056aacc6dfb12dccc3dbcfdb2b820e

SHA512
e8f21bf722b1b27e1e31d494e86f1e3f42ee61549275c116605e04132adec403b684c20b0dd3a641fb69d8dafa708d7f61528116cd0cc5f15dc97ef811dbd4a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a9659941f744087404ae909504f60ae8

SHA1
e08cc425996874b3cf5c3388bf9aa3f17c9a6cb7

SHA256
637b711d9ae521e62787b1fee07ee6ed2349ae9c6f04928c5a9cc6b5465b43f1

SHA512
67aa4c5b84a9ce5298798e87b752a6c5cf85a047577090d9b11d3385967e8cd60d87ba662ced9a55f68c9dfb4b80fadbb8664fd0ca1c4c008ca9d16ac2b73ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
08ea6e0a285c471c24edd0b1bf665be7

SHA1
358e7c21a3308452093043cc6bc0bc8d07a4edce

SHA256
1d08780f8efd7fb062f8d1f5c407475039f93bc58ab1dbcc3b6b1a653a3d8dba

SHA512
4b6ceec938db9853cec4e1e7a6615e9ed5952bdb069b683d8ee08f4f767d07a021f537c1c4e6d9916b249b5e096a484c0909246dc239f4abb685a2b507e5ce13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bea738b147fe040acf78d2b021ca18e0

SHA1
7fc4af095fff0e3adf5d20e99dcef4811deba340

SHA256
9fba8af198b47590753fbb7d9b795d0b37a6e587cf600ed278f999b55e7c54e4

SHA512
958c719b917fbf81420a8d5588209c5999c0b416d44547174f5a030d9b9b95f397a4f14ce94c16af190f0427ae7caa098488b9fe4b9fcc1796f40a0812b533fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e5324bb075f7fc3c8c4d4cecd087e092

SHA1
63698cea153cb6d280fd0bdc37aba962f8cbec64

SHA256
48aa0638dbcdac84d8a62aa36876790ab545568b8180c1a75878fdaab55990be

SHA512
b5eb8f9c9d88670cb71c27faad8cab0336935cd09c27ce5f212b60b9abb19106d818b29f372e637a9273e1af3ffd133e4a5f7806a9eef721858755e78b992803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0a110bfcf00e721d6707f51eb6e05642

SHA1
5c00e8c0532a578c05ef2a1d4bc5ec72c15e4e66

SHA256
032d2ef823c033be51237b49209d1bcbb41eb836a51318b7de1eaef05b79925b

SHA512
da8f8d281720a620256adf9b6dd8fba4a56234b308e63d46c7a2660ce935cd648e669301ceb2be516c4e5ac5cacd9b911ec7b9a0ab0c414c671ca66e7223d773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
33d8b9cf476113368b7c23a2d71279da

SHA1
c1d7846a6c257b3e5c01a6a77a0d89f9423d1797

SHA256
2c219c9f49919b8fd48c52e4dc9a12dfa2bf3e13d8232d4a1d06ebc70ce9babb

SHA512
74d017aded64e587b6c43ada4c820abc8bc88da7bfa59ff55db95b0a283328a210545eccf31d2515aa526051787287e1c3603d85ab4efd873522911ebd7a2c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60a12d1a7fdc4b150110573142a2db09

SHA1
1530937c80b324af47e8d7c754dccb82d2e01f64

SHA256
348dfbbefd49738418f79fbd47d2e547eba4ab82e3e71e52d8930a1653d99e06

SHA512
4959f0c5334345b522dd4fadc0e38914fb22b4192dca4589178c0c3e583b89e72da7619cf83401d7fb5b3d8ba8bb832bc60aaacad29b89094b2837235c2731f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b018161a421f431a5a5e2090eb4101cd

SHA1
416104fa3077d357de6541e2befb7071a87a6571

SHA256
834884c58f5af275846c55eda8025eeeec689d9e905a569228309d7f073a022c

SHA512
65e5ffffcfdfa0d8b21d10ffcf7b51845ec994c7cce88acfb52dd50343349b9af560d21564ef06eee956965a1ff5195ad8255fb60a15b9115335be3d2a5b5830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
46082367da7bbb02aabbfc62d68dbee6

SHA1
698fec52f99697772f15079cca3fe174d63f79ae

SHA256
99645d6269ca585f440ad36449b6a365b310edf81bc9740e4b457b26cd8d3144

SHA512
ef4a2849555eb68712fd0c2380600020bf4c426f5d196b700877dab5c3e8993e5627387cea3b2a0830590130623beb4e71de8626c1d902f1890a6372b7965197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c0e9e461213a5f56b6841ab9c2d9177d

SHA1
976516ac5c2c75ba8aefb9b929aacf32b0230cfb

SHA256
0d216334b52f696d34745fb60b5890c171230bd5ae16de805aacb74e0f02a2a2

SHA512
3f76f8e7a08a5fc1f9f483ac63bcf3567c038847b0d373341deef8397c37d09da8d6b5943b41af788a85b48805de7393657efe889e121403ea304ba991a5b208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8cd92838020c76db8552fc1e0c801bb8

SHA1
a780613d5cb8d6e77f85804b58b46f14b4e48aba

SHA256
ac616ca791dc4eaa87651b6b25406b80fa2c263d847783c4e7af98e4776389cb

SHA512
7e15e73b1ae096d24ffccd6c2f1342774c7546cae32ee9739503e56e3b92ff8d550db5e90647bf45ba351f55a0d256237eff81c16a67d96e2801073732aef3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4528031b3a6dc3307ab4292a4a2e19ce

SHA1
eb2c4449b3b3b3330585094a253e3d9a77adabd9

SHA256
4b27fa9acdeaeaa73c29bcd4649b59cff6fb5fab34c5b48f88a0d01fc1cfd267

SHA512
78e8160dbde374b1335b724ae8c22fe02210e0f23b247e1929936a6ab972261ebec3eb28ead26918932d93fdd2ffd6761a462d8dba4f9b0d7018ca7024003a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
1cb6f67b37be5fd296e9d11a565955ad

SHA1
66c897d7426497ebc9008d3a5bc01f48cc1c2952

SHA256
177e4c1ec35bb5e72d63b35a105642cc40c99ab16566fbce54e09b48579aa817

SHA512
8e4341f81350d78e328df1f526ab6a2e2c616ce1a3acbb3e1851439feb1f63b2b8237039332ae4c1f93f23434186edf4c3af08c6d16c60c5318cad675368e479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
3c14feb6348b74d2b93281a3f4fa5e59

SHA1
4ca1ff7f7bc46bb47383c236b848a07c1d8bdcbc

SHA256
79ee12d2cc9463f8e0df2034d1b0facbb1544372635411e15c93278ca2130a6a

SHA512
9f51a2a693cd1f34fe7c705fb028ec85901cfba5ca79b544e6402b0632a15aa27d051df892a24e191516ce936e78636019e5c89e127f6aa652e880a8001115da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
c364432bf142f735d774a1f8d2f7c664

SHA1
325044131f2bc0e198f5809631a6f882089de260

SHA256
59533d53f4428cc984367d966a282b015a3a18c29ca05f8fae5d9d4f2518e144

SHA512
864c2d4beda7da595a288f9a7c802305ec02536f9a56d3a315dbe7c58033dcbdc90ddfd2863c7267e36413a1cce01f302d8cb571077b4a8d5db1810e42b4b8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
63b4d8f0576a1ea3ce3d482a961e42fa

SHA1
ea3df99a4e7da671fccac4fe1aa1b722f40658ba

SHA256
0d900565359a88ca41d8ab71ee9be499e51efbe8790041c47b3fc6aea191f04b

SHA512
c75dbc6e6d3afb62ebf9892c0f9b99d5b783728a0c185edb6c502bd58b1ca845e6325c8f5e037b478c3f52ce0c775df7b5af1a58633941b16506e431bc79b518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
5a85f19965ae7b2e548b098d1d2bd490

SHA1
ea7409586f602ffd224da204c006e0ccee7671c2

SHA256
f2e690fc8b89b6478b75dd14704f1777d3cdb24446cacef1305e4000c26cee50

SHA512
b33ec66eff6b45107244c9633901333e444c152df25fa43587dd4c0c59894bb2ee55bea77441b6390130c3189deaf86f02f8f73c2a32ec445ba4a3b0d944e02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SynapseX.exe.log

Filesize
1KB

MD5
0388540355a351f0f503fa63764f91da

SHA1
7da660f59bb3a43c42a6f53e1228f4b28a096d6f

SHA256
c61790bd6142ffa61ec89621e55df61b925dabf668bb1f70eb70965a4ab4079c

SHA512
d645259e0ced7820c0a95d20275d9beb9ac75eeb133012f6a9e8f3267240bc958d0477c28af8ea71380723b087d62b3efc8b8f563f96e57568df267e3160c364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
3eb3833f769dd890afc295b977eab4b4

SHA1
e857649b037939602c72ad003e5d3698695f436f

SHA256
c485a6e2fd17c342fca60060f47d6a5655a65a412e35e001bb5bf88d96e6e485

SHA512
c24bbc8f278478d43756807b8c584d4e3fb2289db468bc92986a489f74a8da386a667a758360a397e77e018e363be8912ac260072fa3e31117ad0599ac749e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c67441dfa09f61bca500bb43407c56b8

SHA1
5a56cf7cbeb48c109e2128c31b681fac3959157b

SHA256
63082da456c124d0bc516d2161d1613db5f3008d903e4066d2c7b4e90b435f33

SHA512
325de8b718b3a01df05e20e028c5882240e5fd2e96c771361b776312923ff178f27494a1f5249bf6d7365a99155eb8735a51366e85597008e6a10462e63ee0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
e1820d43ac67fad0bca8d037b557f450

SHA1
04612ce6430640d2e3eb41d1382d23967f6a7fe1

SHA256
8fd834b8b4dc41e873d67bbfba56a6ab3d0aebb06e42437ecf08fec03d489ef8

SHA512
c1d10a199bb1bcb70ae717635d5179bc4f4594a5df780e0ad363343da2eebc2407460330b4af8f6de4b8df9e19c6b9b1cb5a470d3e432c1f392ea139a3dff605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
cce846d4d061ab3c9c60e2e4723afc37

SHA1
dbfb35606ef1ba6a8fe0761baf0a5a8d61ddc3d0

SHA256
05493954effa576bee288b5da8a22c2b8cf6b3f1f7a7f49d430ff7c959e78385

SHA512
c21366673b03e1fd661acba46d00200f83df5a40668f1c39abcf6e0d92370a8fc40758e487566fd7066b185f0658d9f149f293dce01235b60fbac8c40f4d7172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b3abf9c119b1e2a469d6ae5f0e7ab71b

SHA1
8721c63601b1873f76a4340dfcd3a47838bb8121

SHA256
5139fa97b9dc9c7d3b495f1e3af4a0d6d63351a7e3d5fc6e882b6a97e82015d7

SHA512
8c2884502ce833054894949c185304f7ebebd00cafe2112f9eee11eefdb1f8271aef9169fdd27204ce4eed4f8aaa28db44f5da524bca2494b1b22c1eeab20670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
8a424e81b5a6078deff05e153c04a0ee

SHA1
bf209de0dbc1dbe7c5b5b511bd34bf447a3c049b

SHA256
79ce6d6caea4a9eabf8fdbb2a1c58d43fb5a3c500c2dec3fce87c160d2c6bda3

SHA512
aa01195e5c1d641304b08fed4a3bffc916972aa0bc20e928204cef1783f38922a03b761cf2010ccbace1ea0d2f18cda4eaeee4d8969f32fbae5f580e4e38522d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5e22dd1cda88782a1f52f76e748ef957

SHA1
3231826619a06fa541e2bfb21da445bd7013b5ac

SHA256
73302eedcdcfa0f9639f0d00e50c19f7ff4b7bab9df431cfee38e4b94bd4ecec

SHA512
75039c01812a7c0bef9fc2d0b4b8867c9acf2daf6a8ade8171d8edc7c0a2ff11488554d30397fee424922346394f14eef7518943db769c35e6916bee26f16498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
c42e36ceaf2f8d728ebafca893098183

SHA1
4790779e4c45ea810b6cdd3936342536c21b13d2

SHA256
f66dd3cc3aa996ab62af5e1810e465b1cc0cde0322fae30cfed75eeb4dce0171

SHA512
08b6926a0882c1bd4e7cd8238c6ffedba5116760aca90607f0e85414094146b1d46bfdcc15440e4d4cc4db834544505d430c1b1e6b04831d00af732301de8512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
494de073067224860ddfa87f20c1fcd5

SHA1
139fe0d6cc741fdbb891b5e0df6e236fcdfdd7de

SHA256
5b67e54cbb8566db2c781ed86c2e026bef8e1c6e5b454c42872ffba7782a9579

SHA512
2457bb775ad7ce2b62b35f5cddfab1c1e1b16dcba83e38e7b5fb2e205048ffc5d220a29a9b0cfe218800d46fc3888480a0822877cf392aeadcf9287b784a390a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
a67eee085e8f68aaffbfdb51503d6561

SHA1
29db9b41945c6a5d27d5836a1c780668eded65a0

SHA256
6e155bcc98f4e175a8701f030b73b14d9002b175ef58a19cb9010af3964e36b4

SHA512
7923bc74260e77d62b20cf510b79e0422563469ec3543084a989db154b1e39370f1a6e6c6e73caa7471d0974a693b1beb4fd2ddfb14b0b5c58650b5df3c32d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
3da88f83eac9e0405e429e263fd9ab02

SHA1
8f85fc4510a9553dacff1c69d0c711655193a829

SHA256
b4fde8230a5f7a0d8a35b70e798c28077e43ba5d0e14001747535fbe0fc128ad

SHA512
57ed1ac36af366d3d22737d368852884f6d9bd39d636d831d37f4f286f6ed53c01e698e66ec99160b0d66244c0000d209d1fbdc624e77fdf33c4215b8290d2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5a0df240cb43647883ec0b33fd731423

SHA1
845eaa0564aca19706ccc4ab1687f52b6c78f98a

SHA256
425c0bd39a54a400b79bd6649364ce122a5a25169cc1175314b7be36f5616016

SHA512
415d6acbc7905c5e5029affc59f9a8a5207941718e6f463e96c22c9d1d3323e669c9264fe5b40759f8b94c7cfefbb4c362562ac57efe060f8315e48302266eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
36bb833bcefdd2f80a289fc681c87627

SHA1
4204fa10680f0a9c2699a9eb52709db1cd68e0b7

SHA256
52be5401760e6cc30c6018d277e7ce91aa262b3888297f76e95a20fdda8e2ae6

SHA512
233fbb528d3b7196fb967fff74e66dd589b6a302e97774a24fbeb971996aa6c1b17f24f19380873c976978552e245b3dd065cdb9d4133ce554c507d92f8778e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
8e1fdd1b66d2fee9f6a052524d4ddca5

SHA1
0a9d0994559d1be2eecd8b0d6960540ca627bdb6

SHA256
4cc7c1b79d1b48582d4dc27ca8c31457b9bf2441deb7914399bb9e6863f18b13

SHA512
5a5494b878b08e8515811ab7a3d68780dac7423f5562477d98249a8bedf7ec98567b7cd5d4c6967d6bc63f2d6d9b7da9a65e0eb29d4b955026b469b5b598d1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
beaa733206e6159a16f84258a3868738

SHA1
5d973073d1fb8bf3b4654ad9172b1519c5ee3ce7

SHA256
d5387e07c332114cd393c847f7e0fe5108ec208798391a756fc1298daab786dd

SHA512
0fa50d16101a53ff2c43c62e370462feeae1283b6c33167d1ca9e293d2373f00e16f289f07caabe5789aa633c3a622bca4d3e499fd6af38001a3dbcee454b73f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
9b1f76fa063a888dec5e83e30987d777

SHA1
fde3120aa511bbd5b497ca8e4f6a9e5078143807

SHA256
f33a73899a8b840aebbfd0a2e74a266112c51b0547adb8053ee4ef8690d2de18

SHA512
676ca100d8ca008090187d862484f151384116277c572de83b1a7411804c80a3510ecc48c878b51c3263839e246f8a29101bc3a950de6260a4fdc9bcaa867ff0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\056FE22E170EFCFF3E57BDF811DC6A550115DE80

Filesize
19KB

MD5
aa07d9002389f8930a28244cc9142978

SHA1
46a100ec627ca06cecb5e1c74c45e57f2e962c08

SHA256
edd6214cd05b5dea2fe6f43e00a40d64ba04efee6eb871496e69652b2ff23247

SHA512
68bf2e0af3841c0fe9a3c0ef75e62a07eae4bb56df2e0df01b9ffd3056ae18ac97e06589324450935833dfc4f8e48b5c4beaadfcd7b3bf935183fba0cf16ecae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\1CA27898D1B6AF73181E16387400860FB335900E

Filesize
48KB

MD5
d79e0328342dd51bd1ead16ffb407c41

SHA1
b7ca01774bba17aa7558375ec7ba8f8acd8cd4da

SHA256
b4499767ff1b761be5cf5d82dc1d007be5c4b4109a232f3c55648d5663ff2f5c

SHA512
1257388363116b933bdedba2926d2832eb266a82165d25fa2127cf1dcffce5d827dd941cf1d3baeee7c3328e23cc16bf9873ae0fe662773c42a5fb36d52817a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\22D6FCDC9520FBCD898494BE10B4C116712D7F1C

Filesize
55KB

MD5
9f87217febd069d57ec6453d83460329

SHA1
523191396e3d920d350ebec9af088bf3783c1804

SHA256
b11b019181144f2c586e90bd59787c1df64519f987f4320fd93d6009e947a4fc

SHA512
3ec051b8e714a069ec31d56aa107cf4650ecc5fc127d00794e384abc1e5f895a9720aac80fcc90bb08030b6634514aa48b0d4bb28b2e4602668f364094383a1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\2681DF1C05D8B1BC372A0505C935A59887AC240D

Filesize
44KB

MD5
d239f41d4fb72d85ae11cf49ec943da2

SHA1
84737da47a385860f3d4435e2b74686c5cb6abd1

SHA256
773bfc17760b8cd9c845502e9458605a97dc6fc55770ecd88b109813c50cee9f

SHA512
fa7d97deea481e47edb38bbbf85adf7b7496164a761cc163cef6f7de89d4c50fa5c6ff2d6ac51f176ca7d48c1248d966d49f0a5fdd97284ef5b9c0a5c9cc6e60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\35E25671471609E16A4B568035D2BAA3C9640044

Filesize
50KB

MD5
f0193ce446723803e01f9934391cd22a

SHA1
a70dbdbc4935e43009b0aebe7b2807b10742dad5

SHA256
c2871cad9340c9eac4414f7b6acbd05114a17b34dc7d4fc392cd8d347232f441

SHA512
ceef5d2702003c79e4af704486f20c7fe9f7a40c7707ed003a9fad72571dacbcec291c3ebb22a9b68c8dda0d0d6770559ea77f6901fdfbb28f9f8a8c0635d00d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\37BB0D118B150620421D3CEBDBE03FB4F91BD82D

Filesize
37KB

MD5
b62b8de524e151b04bc1d710a05ca845

SHA1
0dfc343e5bb2a53bc5902ef218f770a96ce90f2f

SHA256
d31a1d0312dd11c3774264deeec7fe942419fc26e76bb2fa85f8c2f47fe236ea

SHA512
d9ac635c7c3fe9289c5e261e43cb636d23abe3c8cdd71ae7034fd4359be589d9722da596f5fc875fc55aff0f6dbed8e589fd87770147b2a67b37b5107d6de4c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\40A8F58CFC1A23A6BAE836E45F467F9B93975806

Filesize
41KB

MD5
5d89798b536c91930f33317b0f1d72e1

SHA1
f3caf6ec334f0a511c3c7618e6812f648d641b20

SHA256
1cf5a28cd3642cb357323d8bc9e8f589b7c153d9e7ef4517cc2bb41fa9e39467

SHA512
3e2a7063b2f39fd3ab6247220160541238583aeb3f24cacb44bb76b584140d0647a295c5c2260f3719c2f8efcd0ab4caa916f57c40a7e5c4398208ecd921c344

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\48A773B8B92BFF039D7CB5A9DA03A6DC953D7D7B

Filesize
43KB

MD5
db5dacdeaabc1068ae2c03d8b5121453

SHA1
808b7bd7c6154ed31719c2af15672089fccfec7e

SHA256
dbfb62eeb11c6aaca2c29fabf7cf161c454736656ad7370c6a1cfb449a0ead19

SHA512
2a22c67569f58550e65172ee6178787f3702118371249a0bb0e59ac4b1d7c123c0a17809ec59d5450a5c9a0e8308377ee9fd965e207851b680671f7dde5c781e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

Filesize
99KB

MD5
443d01d8b2b4fe14925bb8350357775f

SHA1
9a1076d519974c80301912b160325d0290b5bf9c

SHA256
1c5412f59cddf2fcc029ef23d29ede0e6fbc72abfc8b4d31e224b0a86af1b863

SHA512
fe30f3079b8aeca1d957235e96eb6ff8198f7f8c730f78930e1a5757034df10916c2402f01f3a3cfa6a2b235027b0caa981900414b39235ab7c4dbca2e73533e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\5B2229BDB395F90BD36DEB8AC6207436CAB7997A

Filesize
15KB

MD5
40ad324a49e5fde3900e318a2d8aafeb

SHA1
1771790917a0e6cf0d71267dee9d48a2744f0077

SHA256
f5a8cfbda07276d4256842a62ae567139886e3303ee1f1d7e695d05497a504a0

SHA512
1e4dcf07428c22be7f23023c8944e773afb9ba2f5e843f42685d6105a2f2a0a565f9554ef400181ea405e667aa79acae3132845eca4a072b05e38377c00cfdbd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\5B5F81C77EA4A0D4425E62E3D6F82E571526EBF3

Filesize
14KB

MD5
b6ccd36731222a03edbd0f05eb8826a4

SHA1
d58cfa310a77f7cb091856853fbef0e6bbfc0792

SHA256
41b37fe473ca50a20b1ae814c89f7032bb1c88fa6c33028c306c45d60737551e

SHA512
0a76e8764ff507ca29cdafac47522ed089b90df2974dfc2c9ec59dcf10887c877351fae1229cdb4bac1e76d660c0694b95517b615e379f4967f73b9c17a7e1f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\5D9B93E3823729AAC6832E3AC8763733C9BEF7DA

Filesize
28KB

MD5
065d586fc2fd9262be75d3658331c498

SHA1
f0359d2c99adc7f6d698b0952e0bb515f2be1fcc

SHA256
77cc5c2f07357f1964352a1b4217d09e9111b23f3c609e69e9c90bb42c62453c

SHA512
ba471fb57e7acfc1967fb3dbb5863bb4ea8758d9c16979891928a9011a46862a6b3b67a3a8fb3ebb3dc23b82ff6a9f3205f5558b1914911b51dc94d54e3f19da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\643973A72CB665816E627CECAEEAC7166A356FB8

Filesize
53KB

MD5
c7942d5ba3cf7581ae3ae33ed6edf501

SHA1
6dff8ae38637665263fe5a229b1e58dbb500cb3c

SHA256
399efb39063f3b487748a16652d66cc5079ac0d25a0ede9349ac21cbc1188883

SHA512
eb55f09725027ee8371552728f089a69fa9ad6b29371d8d4b600aca1cf6183f6a08a9b4805f3608fc70a7ac043ddb6b7dffa0a4ab7504147679290857e39be3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\6CB8DA195B83F1EE369C11A33C63581DBAD64D6E

Filesize
41KB

MD5
8dc3d59175a2dfcd23788ea13e0597fa

SHA1
eb4831c436b13910df2b5a7cc6795877541a34bb

SHA256
4f1dbbcdbc40078464bea82833ab1388ce6a5d4781ba34bf3db1358192bee593

SHA512
abe913cd98737c13b5bfdf018cb7769d8eb033ee8bb27eaa63d8f574074fad8e8c826bb3e71ed9e1381d4d75cc4f8b5f7d32b31a5b306b5a19003031b37c80bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\870984DE7E5B53DFFB47BEA5B16E6DBABA7D36AC

Filesize
47KB

MD5
6800c5ed8b290beb41bf6f69083feb43

SHA1
cefe74facc9b3991e054add033290c5c245f2544

SHA256
25126dd584053ad2395fe7764123d8073ed86924f402abd0af084f339e1feff4

SHA512
d590fc5c5e48b74a58fd87b920e7e9a18305860d764d9158c4359dfbd069bc5648896a4e41cce087ae4ba50ff001afdb98bbe99b5f0f1b1927ce98fc47e791ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\88D98E29E70FF6FCC796CE6166E1AFAEA3FCD363

Filesize
16KB

MD5
ef7714bd5509e9b020695435775e499c

SHA1
3122297e1670188cde875d2b4817c337cf562c3b

SHA256
b8440510312520ce0617cc327c4aebfb6cc7a147d5d235e4edb5aa63e877e276

SHA512
320fe027734a98d78d8596aabfad9508c388b6ad33c8541dcfb031cc0c40a4967ecb4a4c747fa4821554867e5f985b5668e35f826a9269ed9d63278dcb09fba5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\8FD458F161F00135BFC4D0E3B48D98638D340C66

Filesize
53KB

MD5
71785272bb7ee93bc249e3a89c7d6741

SHA1
10b92687ebbb5197c1bf2fe519e71c092b32600c

SHA256
7996cf766dc295bafc63ba4b2b2be38d1904844563a94f7c86d4ae8e78e5c52f

SHA512
ae35752d69a2d084b7035fe3a24996a9e837e6c3293b55ec67743f584c6ca2a6cd224ca78ea47f96c1c52c801627649ec30e5e1cfd569b51465c596fedebeb6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\94A149694DFC456EFBF58B41D01186DD49CE2962

Filesize
26KB

MD5
4e30363496d50d99bdb2f591fc41e8bf

SHA1
f9e5c1cc9b89cb59de298810351361f2bb50fa3c

SHA256
dd1365023ad1764667eabf3c589670ce43aae14d1fd16f727bbba9290f38f9c8

SHA512
ea34cda83df2463cf65906eb811b38b4fcce947ff1ec735818976fb265ed5b62505e210e70f3cfe24750b8fec9798414e99fbf8ffef54df311c057f35bec1225

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\9B5DC42D011707A272F4010AE622B8F276F1ED8E

Filesize
45KB

MD5
3d32b50f29df651dc0b8a3606efdc550

SHA1
327460e8ef48f08969c62fbd6106e9595b1560e0

SHA256
de320d5f0690f5ae3a16b0638128bd12c2f7760b28f0fbc10be44a22cf54abd4

SHA512
48f7641f2f4c73da1a2eeb5e517dd39069883e2eb3956f771ab8882dde381a45a7c21a6738d96e49f457506b1976bd46a993aca4ebc895848a08ced392975a3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\A9B08356EBD30B2479D50C01DB7627B8CACDA442

Filesize
97KB

MD5
ffd350341f94100e4d67d0fcd03f233d

SHA1
62b48f93dba1ca44bac14d9201749f06b8e9924a

SHA256
60e0a90415b31df501d40d07a213ae4d41e5cbad830d37904960b48953485621

SHA512
4af4766b6c426b3d97013c69a9147053bdee0f4c6a129fb26ab9fc7962e30fa3b0b2b8b3eaad1177e02144a5410007a83fa079602726057a96e579d95c965ce5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\B187790100BD56D71A8A1504C32496A1DE5913C6

Filesize
29KB

MD5
fd977be253644f55299057aa57c001d2

SHA1
d980d0b876475ad99053a0f582bb2d410572e112

SHA256
3f0d3f7f700e4f0c4133c62d42410a38c460e65b7f2f3eaffc2f21e739555e95

SHA512
5532d8093e650c03685fe3055034c4ff4abb45a9efdb8e1aef6761a503b9c98f180239414e937195683b7610b522612014570f6976b9a29b994194946a627a44

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\BD8367294D6A3B91023781474AE564DAC5FADFA6

Filesize
18KB

MD5
fe3fb9a6dda024f58ebb785333aea572

SHA1
55c7cfec61aeb36aabbbd73d871d31663bf9d37f

SHA256
b61cffe9c6ac40241f677b8f435c6f5e3fb353bfd6dcda8a7ddf746f473fa81c

SHA512
282da16327c15f48c88f04a217a58d5d0eeb0cdc08668671a8458c3e11570ae56752aa00bf27765d52ee258013aedeecac2dfe5aba73105da24a50b849645f43

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\BEFE11C9B3FC844F26C5662B326E4F9B52127B12

Filesize
69KB

MD5
72ba03696bfc7d07c2ab949a54c50957

SHA1
209ffc081c6bcdfc13a1ce326f0470c9f82f72dc

SHA256
b3b5a9d85d0da361a145c251d7dcd59cb67cfcb57444018682b5006087193b91

SHA512
51cdc5b3c725af140bf1bf89e5f271d833b9f599f8a7b6be898f0a4f7119a4e59b3b40cfa7b7be45d5195f8656f7e7775b18d4fdf7a93cb67ff490fd1a7b3485

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\D94A678A2549B8A6C46FD1D1E3BF56749C7D416E

Filesize
28KB

MD5
9cf25de8ac57f904b53aac3d89e11c13

SHA1
f0f09b6e4d1a7519481d462bb2c9329baa1892cf

SHA256
2e5d756830c6071668e0fe037e8ed5d741cd7f582907b29d320252a616db5c47

SHA512
e7518c6f289bcdea6546e6f13cb37e8ed3ccce69bc9490e6b921d4a02612bde678c4a98a72d7adf89c12aa9ef157e9ebf94db038fe2ef99599fe97c7eb89ce7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\DD725CFB452B155F219B31EB244119400FCB1F05

Filesize
31KB

MD5
a61c074ea78458db874be3c96424d885

SHA1
e79dfbddb33ec80123b2f2fcde296262260e9139

SHA256
75bcedbeb7feca0051b400e76a632eb07dd8555bd5fa54f1e03267fb51e9ac4f

SHA512
d02b0255bb9157f1e757c11a7d1bb63f360107b093b35476c655811192a9c878694d8e65aacd3a3a4a32c8cee39aa1a3fa9e475c9a54b0711ce08cf7229928aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\DF456E58304C9DAD83ED69C2CA536AC36867EEA1

Filesize
116KB

MD5
8a499aa4c7d480d432569c97d69d2d66

SHA1
f260bb32956ef77a5b6fe812c3249940f94fda45

SHA256
e257116a6d25685220019a2d92ac502d21ccd7069d2b70196346cdbe77bf516e

SHA512
e21f1f0a79b0d177b485d5253a85d206c389a7cd1c9235b940f67ec787a4c3ed4c09e9cf5562328044f063c1f315e800d73a02e85d8ac5ea01ba44ee92135232

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\EAF17210F28F22D6EBC808C2C1515A0B71A3E8BA

Filesize
163KB

MD5
140f92e68fce27ce7f3b007cf3931ea2

SHA1
ada5b249660e755c6df974f8b0ebb2452d543be9

SHA256
6f089e7d7b74fa437eb47c5af19c4c3f1da3c3eb96d5ff964323c9bf7026a68a

SHA512
c404406e3fc13b4204197e5a5b47bb78da192acfdec76b9554805959c6dfe007b6591d213cd3e1fcc5bd25d2eea730115cf45e0fd05c596af183cbedae1cb60a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\F0A9881C2DEBC616F3198E74FF74D276244D0325

Filesize
16KB

MD5
1b4425aaeefe5d2da3cf2e1b9ef99e94

SHA1
fe34be7843e1ba8d904d872b50f3ead3fa783321

SHA256
4dd11bce2bf61c0530df244aea8e3c80b89f858107e94ebacf86633ec1232924

SHA512
e98cf0722103be7571bbdc4210526a6c0cea81c8c95cf802d207ed86d4c64b9fd4c75c827cfccdd21976f8ced53ecdc6b5073acd9a586199bbc7d2deb171ce52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\F37C1195822A75A463BCDB86AD26C84ED9EF9D34

Filesize
40KB

MD5
5077b55d7021150339423c6bdaca267c

SHA1
7d8ee56b35a31f57eb99d060497bc83b8f5fdb21

SHA256
81fb302193c7f7f393a9379053363f55cee9c75f95dafde8e3558599cb5d203b

SHA512
2cc3f046861bdb37133a62251edafbc93ee91d51d0b37e19847eb64e8642d5fc57965debaa375c046bfe15227f506aa0b66f661572133b52e941a4fc7a6611cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\F7238E2D6FD33D777BA92C46B87D7C03780BB3E7

Filesize
63KB

MD5
ac1f4ffdcc5d8f50246d72098a445838

SHA1
31eb2fc896673d9c7f962106f4a6dc2d283a15c0

SHA256
6a755a198566befe3aa0a9263bc3543aa2b4eae47aef752cb378ce616e91f3e3

SHA512
a03df268f8f37aac7c2e29dfaa60eaff1f3a3ec0e9fc1e5a8709282030ae043008644d3159ca0e0231ea4a848ed2064b2c5418fc049cb8b9610e34b2d3a74f78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\jumpListCache\i6Nd0UeTvYsYiGIH8aNaJzsV6mlKJdTWW6ROxH5SARk=.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sy1uzek4.eiy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
7961f7fd289d4d84920ec0d11495374d

SHA1
6a9ad02fe12b59dac3fb481a57e235e95ab18247

SHA256
48d53c21714ff9cae9e274d48cd7edbf1f846d0971d168e7e0cf62d955f32db0

SHA512
ba1a9db5996f33f366a19f8a1bd52092ec77b6f79f3a2c81d90905eb0f4cc8bc807ea31b8eac8627461cd9fab1ff4fa3e3a3f8e879316e454eabb150b56c2cad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
bd52c3f8b1ee4b717733a5e99f36679a

SHA1
f67ee158838182efc2866fa7b7c462b24eae57a2

SHA256
c054c52ef3f17846d46b7a737467eec94efa0cfa9d0224a80d5c1cef9a50f5e2

SHA512
91bb8e440cf901f983229055a70b5dd08725c4daff77de801b96ca616ec58a7f28c89e7d16e31d58c67156fb0250307728b21b8bc9bb311f1f788e8af294565b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
868436a540ebd472bface8311e5aea5e

SHA1
56281b4d61311d1e367188f51cc49b2786d89ca7

SHA256
ab97e985bc464ee7c3baba915f6a8b1b5931285ebe41056735bdb3cd2a83caa7

SHA512
d36d5e15005b3fc27d8f4566862bfefda3cc28a28c0b35a888069e081604533e58d19032bc8e05f764ce2adb445d7dcbe20b288fe1003052d790e65af135dea2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
dc5b8f27537dc7999bf97d0668356198

SHA1
8a7e5ce19bb8b6fe010dc234b5cf68816a76e588

SHA256
fd8637f88923a6ac5972343edd731e893291af63bd3df88c20e8cc9160e39d02

SHA512
19fa4f947b3be529af52b9bd4454a6ea2a505bf6ed0242229b971c3fe9b45cf1b5438d12739a5d45acd5df0074afa82ebec372ac04f127fa58c65a54991e1b52

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
18304fd65696a233beb62af9e614feb0

SHA1
facc2988b3599898a39de48ab72984bee2d30943

SHA256
2353a9b92fd92c91a5c589e4e80a09da86b86998c7a43e08248b1067f263a09b

SHA512
ad096ca678ba0ede9374ac45cce60dee7d899a60afaaa79191cf3fd9b7163058a6ea8a80a2fe589419e5e5045cfb3269ec24eb5ce2fe2440bf79b83d05d0f9d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
8KB

MD5
aff1ba22e049c4799dd7c59924141a56

SHA1
221f8ce53e5c9bc8750732095f01787879881877

SHA256
79d18a6db8d57f14a02b4814093dec16a8428ee0ae7b6244c6ae102b6ada020f

SHA512
04f2baed76f98a190a819e7a3194cabb354b37e5b084d9be8d87326b0df4cf74e83279aeef99a8d9566ccfa039d4772851ecd86abc99964cbd68d5e753776092

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
11KB

MD5
bd3f6bd9fecea343d420bb0a29a0aa52

SHA1
38fa73137c8bff86649d18c454b428abc86d1502

SHA256
f043fb690d6beceddc14135708edd2351e22fc6bf20ae5d9f249370d9a3df7af

SHA512
c8d452d9c00f0e044f01017af11495f826bf46ca61088cf5634068c50bf3b21267b5d69cc0d9ec7c58fd5a37822839894d920347332749aa9e3f8cbc999ed908

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
84KB

MD5
899defca50f5d79f0ce9d08b04ab46bd

SHA1
f726cfa5df969aa632ddf39937099860676d0d9f

SHA256
79f9236a9193e123aec34499fe32b80df1c8da71eb9e8bbcd568b824542cd2ff

SHA512
aff2941e8062a7a12d8411cb3549ed172c50478e305d649365fb80b8513559782d1dae795bf32707bc1bb6df19eb2bdd4d27ccc4b52fc30aa9d1db87c51d39e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
49KB

MD5
724aacbb7a833919b7ab6706b5de6b17

SHA1
45fefc49e108c110d9edace9f3d7ffbe9dc606f4

SHA256
f8d59d19c9083ecfd393be8d1ee4f8efc8bb38ef50c599011efbe20d9a6e595b

SHA512
cee4ba2a4b58b90ef8021e76e294c2a5a77fb5373f42fb8592769a6b9ee81e6f73f60e0b607407aa374843bd511db02aae16950aa0bdc41dca37c01b84f9d0df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0f225c19a242a622f2a4f6db3443ffc1

SHA1
eff5d79e1bb1084c52a49f0b0ee26b6bd774283c

SHA256
2871409aca6f6b8d437b0de6fbfd17eff4a222068c51fd27a3067f195b676437

SHA512
f303e54846cdbcf6dbc439ac77a6701ea8089558c705e4d6888b333f275e8bab3a8b6690250ddd12f92b7bd06fc1d69ef4e08c9dc03cecdd4418189b65905bff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
8acaeec3d8e3da2942e0177dd98e67ed

SHA1
28bacd509650b1e5b1fe033dcd9b954cb82b17dc

SHA256
ecb60eeae96821c89b635e9970ed80968ba6625e820c5046a26078b205ca3d57

SHA512
2a911fef7843609d5d4ada2de4e72f68dc3bb7e0307abcba32822b62c6f4bc2f268279dc6c58bd6315520c236df9d38d934944424ad0924e4c794eb50f7d1bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\0368603a-89a4-4c2b-8ade-78496b619ff9

Filesize
982B

MD5
b5a1e7694506c7970e2c7422b0b5fea5

SHA1
b7afc5a19d2e5419458f8dbbc0e35e370eab487f

SHA256
f865030e2f8b571dbfbc32c702671c4659c6eb77fe21e6cd472532b7d1672ad4

SHA512
a8a38a174b5bf983dea12a140a23bd5130f951d8a52dee33ad450c3b99fbdd5a592bc06def0b13074de5e07851b046eaf3dc592446e5226aa29288d7badc0be3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\a809d677-54ee-4249-9739-aab179e17a35

Filesize
24KB

MD5
2dc0f03d8df3bc849ee28afd3eb0b71a

SHA1
0f23a81a365506e1c1f8500e492a7fc855d2bf15

SHA256
ed7d904f28ce62e11c0a984bc4c39fead2e51666f9f52a3a8f5880573f86f007

SHA512
9cd4d04971352394a276cc6e7d64810946ce0d139e9f77e210822cec5154578280c574e63a501f0e9ff033749e8d9c71498515d0900a53c84a5248678759d122

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\c2286128-9b46-42f5-bff6-855ac7e51638

Filesize
671B

MD5
9739b030fd617d33e41a4639927830bf

SHA1
c9252a7121644083845f5809017f4e1f99326a84

SHA256
b6f414d0a88629ed269abd38802faa4ecce19c1fe627e7de0e330502845371fe

SHA512
41fd273d4cbb40efcec68ce79ba6a992ec4abee23af637c7c8a44714f5f29cbe8ff16a4dbf09bf200304ec9193bf79bea410f90d6c3cdeafc6c6a0638dd81daa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

Filesize
10KB

MD5
6658431277106ebe89b7ceff3c87bf6d

SHA1
5c1765aa6563ad3e1930fc397d8b61c7e5f257bc

SHA256
f2fa2e39f48c529806c28b42dc9b492dfb71b85854fe198150239b1c406c7531

SHA512
6a3ec2465d8f5404d3fe828821fd35e018860d1b3b1257d9023e451096a672f0b54acd02b96108204f3f7c2f39e3391d73c14212cbcbf69cd089ef91064d62a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

Filesize
11KB

MD5
cfd1c6f52bc0f8b8d8f2f9d26748281c

SHA1
5d46d0fc734838eafccca993d7396204f6a79ecd

SHA256
4a59bbd7b970f68ada8da2ba256eda051f028f2a7766b0782e03d3eb639ef64f

SHA512
b012b53690b81b9247b0ae76a9035e27aaa4bce7831bd5636a9e289efe10d445ebdf278c3c7d947fb23dfb025e5d9b6db8da7daf8dde7ef785846219dc6ae128

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

Filesize
10KB

MD5
395bd6a1bf1993c5ba4750730266d056

SHA1
4df93f62e16534e272eca188627a3549471c9027

SHA256
8ed9432c41c50a18e6f2d95ccab342249964194f1e084db485d9daebdca90d1f

SHA512
01976441797bae731c8cd7f0f29ef065e75a3d4ad98bb9fe279f66d2668025ceb91f573f0c7db0ac51305b360beeb5f1339a0711226fdc1c138340df10bb803c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

Filesize
10KB

MD5
3423b9a25fc822f4f04fe32b8719dfef

SHA1
5d18b916a7832239c2e946686cae9a83228381f3

SHA256
fc40776f0a5307f5f03b78d109ca40208e630eeacfa663b91c01ca23df5d0a62

SHA512
342512266f47bb017965e0f878adc455b4276fb52163fe99e6b8f139eb65fd2267a488956a0f676cbd3603601c6ae9a84fbe933392c0b7694eecfdd780a0667d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
c9526b28cc7c4a7bf5e72bd3a91bb259

SHA1
12815044832ebfaf6d40e5a5163bc13fa909bee3

SHA256
62ce5116fb810c3bf730c25252a3af4234fca6d725e4288e451ca37c838a0ce2

SHA512
a4ebb11dc732ca998f387d6fca42ae73ca9996218d80e055c23042b6fbeaa543b6728ef9595fd36f8964fb4bfa59e5ef0572f3d628a5e485ab5750558591ddc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
6a3b5f1c143c0f9dc993663772f0c3d0

SHA1
5fc1e9461738766b314fcbdb73b2cd6629ba9bb8

SHA256
5c883a27cf1d8757f89e526278dd9f27e24316197e82ae6f67fa21ca40dfb04e

SHA512
f8d74a4e5ef57af6f0031bd5be65d1cedbed66363b9f50bf3c7ee8e9075fdf4aa39b87bb366a3d1a6930b6fd3ee02489f89f3d0d8205dcd1e0b4ee9358da4e05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
7efa957b065ad2c96164dd0c26146685

SHA1
80b32091e4d9284af55bfd791c5de60a0b005f86

SHA256
35e8707a9492ddcaab1c1dfe08f47b72f18c290eb86515c767173c7e8ae92779

SHA512
8e6814865d32ae16406e45d9a369421da4f99da8b6485d8f68b3366aa6ce1c9d49e0735cfe37546959f4dc63e60e489695bff12f31d383811fc0babd1bec8b5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
5f91e018a24cc602bdde2362da55d51e

SHA1
584ee007fff596eccbcabc8aff5ae02255ba5077

SHA256
57bbb95d9d59f30d33482bcb8d45c550112f40b19523d8fd1a7f62c4ac1dbc15

SHA512
e3e2cf7dcbbc8273067d89a15cd098f5f318727fc247d3d7016d6f694844099d1a395498c74bc7cf4ee24ffb33815244299285a8ba0864d5938cfe56b7572825

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3599f6cafe57d5a5d5065394f1b1a9ab

SHA1
927b35282f66b697b22a9595dd086017ac9f6a40

SHA256
7b53b4597681bedf58ad7a12f57ff3102075c79d5ac6c868ac402661e8535ee5

SHA512
f0f252483a3b8cf64af3bdb4252ba8b44fa4a28356ff8353e86a9f287bbc10d10694c9e3451709dc6c36270122f4a77b55232042870b67c3277f20bb2f05a402

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
68ed72db32d1d3ace4e0f669363c668c

SHA1
e2a0e2590dacf632ed0202f2965535db40b9c94f

SHA256
cc680ca30c6b77fb3f03bad0ad55b767fc2f0a25603c12ae510fe87ca39420df

SHA512
164be697408fd6666ff48b3ec1bfd89d4da87b713bebc2e4033b909a16c8e97042c57dec641dcab61889cfd578e52c4ba71f533303d16fb93f06812d283e935f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
9699d7b0d37735464407aa162e3ff56b

SHA1
7c8d896ef910a2fcc8f21e2d54482ad1e21a261b

SHA256
a3407a25abdc0e668bc291a5ff897fd165ba68795361446a791d3e6f5d0b1994

SHA512
ce7861aebfaf1d054c86718c38cf1a1ed468c02b1a88c6d2235e74b9e46d2dd26e4a5f81507a1e32e9945c3dbeb27e88e3a0819d4d0867dfb01ce8cb020dabc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
50c959baa619633c2cefe95fc6cd2adf

SHA1
7fcff9e694cf5eeade75b7b157b79717faeab226

SHA256
74103efeb27b759805ccfaddb2db00226b70dcff5b19d3b7ce2c3b8d2675364e

SHA512
fca849df115954697afe0dc4918e91c400d1d180f3dddf5c54877cdb24f5ddf541645e7b9a1be8679e71b75eea4335392b47af924a90ca1766ce31e1d02133f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
d170d747645574a52eff0ba85fe0337d

SHA1
f64b2b5e8f403c3316287d630b136857e98d12dd

SHA256
fcb445c9fd06fb6bcfea3954be99d04fd3e8422e0b387c658d6ab1ac9ef7d42e

SHA512
7d2f64308d0efb4bac435877a2bc4370791669f4afd6bd2478ab3f5d8a791ef56439b51b866666005c00b926dd4e7829b288a72b14c94478e947478734116a3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
7044aa3cb4d52a9a38e06d8a2c6c5e36

SHA1
826c359dd8d20200cac890e8b7bd0a1506c79a61

SHA256
6ca388e554a1be5e80639b3468f87c5f621e38885485fad37d2efae5a7e2b2ad

SHA512
26d4c69a7c577f8614cf3edb9ba3345d1414c8c486ea30250f9222f48654c1cdd0aa23cb2e98be08c81cb4f573f5fc4d07357014ba69124994ce0167bc8af1d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
ec442060a454a2beb60d44e699eaed5c

SHA1
b3ea37e8a447e6cfcfda3b5adb37d797ca97ea2b

SHA256
77369e034bb9fba133d43362ced855ec21fd1a8ca8ba906f4a81eac957ea9acd

SHA512
704ec218d3aec256dee0a4c7d199eeedd0a581675e9ed4d4161890341684ca6ffde9a5f5980c842684d68c8294b68da65f459cfe8c7d61eb04f5a43d3d2f4bf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
dc2604c7df5496ade7125442e1712853

SHA1
4070d3e5995892519d68d09850968654a0bd0783

SHA256
82353bedb04fc98eb7e55d0f89159a1c332026bc5c26a65ce6de6e115c7e9482

SHA512
034c3b04f533ef79a41a196a695d54628f41bce0e0950c3bcd69096d164051ab0c4f1c9c3b7a0a73dd77914c55db461a4cf84cc441fe00e12756c1de223414dd

Download Submit
C:\Users\Admin\Downloads\SynapseX.elVDcsTu.exe.part

Filesize
234KB

MD5
03d95fff9c762454b8a8cea89de2d9e3

SHA1
5fdc58b29e10fe6f74ab7dc7d5599b136be0394f

SHA256
a08c820009542834baeba92e8aa762d6810fd021de67b05c6429063af206e629

SHA512
183d5fae435f0ebcf562258feaed1ea782de2ab67e18a348a469129374d3ac3c73a9b8426e0f34bd4bdaf4f3fae48159c29dbdbbaf03c4a0c4ca693a4eda01d9

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
4028457913f9d08b06137643fe3e01bc

SHA1
a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14

SHA256
289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58

SHA512
c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b

Download Submit
memory/2292-2833-0x0000000000B70000-0x0000000000C6A000-memory.dmp

Filesize
1000KB

Download
memory/2292-2835-0x00000000054F0000-0x0000000005582000-memory.dmp

Filesize
584KB

Download
memory/2292-2836-0x0000000005640000-0x00000000056DE000-memory.dmp

Filesize
632KB

Download
memory/2292-2837-0x0000000006240000-0x000000000637E000-memory.dmp

Filesize
1.2MB

Download
memory/2292-2838-0x00000000054D0000-0x00000000054D8000-memory.dmp

Filesize
32KB

Download
memory/2292-2839-0x0000000005A60000-0x0000000005A6A000-memory.dmp

Filesize
40KB

Download
memory/2292-2840-0x0000000006100000-0x00000000061C8000-memory.dmp

Filesize
800KB

Download
memory/2292-2834-0x0000000005B50000-0x00000000060F6000-memory.dmp

Filesize
5.6MB

Download
memory/3012-1376-0x000001D93B380000-0x000001D93B3A2000-memory.dmp

Filesize
136KB

Download
memory/5636-1370-0x00000193C22E0000-0x00000193C2320000-memory.dmp

Filesize
256KB

Download
memory/5636-1470-0x00000193DC950000-0x00000193DC962000-memory.dmp

Filesize
72KB

Download
memory/5636-1444-0x00000193C27E0000-0x00000193C27FE000-memory.dmp

Filesize
120KB

Download
memory/5636-1493-0x00007FFA819E0000-0x00007FFA824A2000-memory.dmp

Filesize
10.8MB

Download
memory/5636-1469-0x00000193C27C0000-0x00000193C27CA000-memory.dmp

Filesize
40KB

Download
memory/5636-1375-0x00007FFA819E0000-0x00007FFA824A2000-memory.dmp

Filesize
10.8MB

Download
memory/5636-1441-0x00000193C29A0000-0x00000193C29F0000-memory.dmp

Filesize
320KB

Download
memory/5636-1369-0x00007FFA819E3000-0x00007FFA819E5000-memory.dmp

Filesize
8KB

Download
memory/5636-1440-0x00000193DCB20000-0x00000193DCB96000-memory.dmp

Filesize
472KB

Download
memory/6124-2729-0x0000000000E20000-0x0000000000E2A000-memory.dmp

Filesize
40KB

Download
memory/6124-2745-0x0000000005A00000-0x0000000005A12000-memory.dmp

Filesize
72KB

Download
memory/6124-2728-0x00000000005E0000-0x0000000000636000-memory.dmp

Filesize
344KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads