njrat | 6b81b36622febc198dbe4596349b7b781cd6b278e9db9145a2de8b14b045e128

Resubmissions

09/02/2025, 17:26

250209-vzvbzaxpck 10

09/02/2025, 17:22

09/02/2025, 16:34

09/02/2025, 16:32

27/01/2025, 22:33

27/01/2025, 22:28

27/01/2025, 22:21

Analysis

max time kernel
174s
max time network
198s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
27/01/2025, 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.exe.zip
Size

1KB
MD5

0206983f12db26f622bbe73b165f126f
SHA1

e71f9fc602245a337f728e27917b0b716d3828f9
SHA256

6b81b36622febc198dbe4596349b7b781cd6b278e9db9145a2de8b14b045e128
SHA512

296372c60204ead1709a556001fd2a932e98814d30b42771beb19cc1298f92f3823372a83c1752f49f8073ea238e60f4c5e270a85b6dba2821621e68fd6f5cfc

Score

10^/10

njrat quasar vidar hacked office04 powerstealer prudabackend defense_evasion discovery phishing spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

PrudaBackend

45.131.108.110:4782

Mutex

8f8e6059-ac4f-4e47-8d62-3ce070083ecf

Attributes

encryption_key
D82EC4913FC5B28DDFF5AC48635D190A9342C6BD
install_name
update.exe
log_directory
Logs
reconnect_delay
2500
startup_key
Runtime Broker.exe

Extracted

Family

quasar

Version

1.4.1

Botnet

powerstealer

192.168.56.1:4782

Mutex

6760d0e9-9df9-4aba-89be-4e5ce3e92cc8

Attributes

encryption_key
057FCAF700E62ACFECC7338C474084AF9B47ABEB
install_name
powerstealer.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Extracted

Family

vidar

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

100.108.37.105:4444

127.0.0.1:4444

Mutex

95a85978-c10d-4a09-935b-c02a2a18a609

Attributes

encryption_key
6FDAA03D192B9C03BF83E41A8BBF78996D321E27
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

hakim32.ddns.net:2000

127.0.0.1:5513

Mutex

67364a37f43593883a7b70eb2426799a

Attributes

reg_key
67364a37f43593883a7b70eb2426799a
splitter
|'|'|

Signatures

Detect Vidar Stealer 6 IoCs

stealer

resource	yara_rule
behavioral1/files/0x0004000000025017-1603.dat	family_vidar_v7
behavioral1/memory/2148-1607-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral1/memory/2276-1624-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral1/files/0x000500000002501d-1622.dat	family_vidar_v7
behavioral1/memory/2148-1665-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral1/memory/2276-1684-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7

Njrat family
njrat
Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 8 IoCs

resource	yara_rule
behavioral1/files/0x0004000000024fc0-1571.dat	family_quasar
behavioral1/memory/3924-1580-0x00000000004B0000-0x00000000007D4000-memory.dmp	family_quasar
behavioral1/files/0x0005000000024fd8-1585.dat	family_quasar
behavioral1/memory/4040-1593-0x00000000007B0000-0x0000000000ADA000-memory.dmp	family_quasar
behavioral1/files/0x0006000000025b7b-1631.dat	family_quasar
behavioral1/memory/2604-1638-0x0000000000510000-0x0000000000834000-memory.dmp	family_quasar
behavioral1/files/0x0006000000025b82-1646.dat	family_quasar
behavioral1/memory/1420-1653-0x0000000000650000-0x0000000000974000-memory.dmp	family_quasar

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
213	2008	New Text Document.exe

Modifies Windows Firewall 2 TTPs 3 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1308	netsh.exe
2932	netsh.exe
5100	netsh.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 6 IoCs

pid	Process
3924	updater.exe
4040	Discord.exe
4684	update.exe
2148	noyjhoadw.exe
4228	powerstealer.exe
2276	build.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
107	raw.githubusercontent.com
208	raw.githubusercontent.com

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\update.exe	update.exe
File created	C:\Windows\system32\update.exe	updater.exe
File opened for modification	C:\Windows\system32\update.exe	updater.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	noyjhoadw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133824902507262551"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3870231897-2573482396-1083937135-1000\{A701A298-33B8-4B00-B280-8748115DE831}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	firefox.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 5 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2876	schtasks.exe
1576	schtasks.exe
1232	schtasks.exe
2080	schtasks.exe
3296	schtasks.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3440	msedge.exe
3440	msedge.exe
3608	msedge.exe
3608	msedge.exe
2620	msedge.exe
2620	msedge.exe
2988	identity_helper.exe
2988	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
2912	firefox.exe
2912	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
4684	update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 1784	3456	chrome.exe	81
PID 3456 wrote to memory of 1784	3456	chrome.exe	81
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 5020	3456	chrome.exe	82
PID 3456 wrote to memory of 668	3456	chrome.exe	83
PID 3456 wrote to memory of 668	3456	chrome.exe	83
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84
PID 3456 wrote to memory of 3016	3456	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\New Text Document.exe.zip"
1⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff859bcc40,0x7fff859bcc4c,0x7fff859bcc58
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4808,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4564,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3520,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5264,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3280,i,10432437256168177486,14423352894765165126,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Modifies registry class
  PID:240

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff967d3cb8,0x7fff967d3cc8,0x7fff967d3cd8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2954037638677618211,4017456628792915100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2564
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1884 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7581a81-114f-420c-b8bc-76eda32b5998} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" gpu
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2280 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37e92bea-7a18-45fd-9cc1-a9b540c59bb8} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" socket
    3⤵
    - Checks processor information in registry
    PID:2080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3088 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ca2c16f-d251-41ce-a04e-4bcf17a9757a} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:1036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3576 -childID 2 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc30fb1b-fde7-438c-845f-28dba8fbd459} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4424 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4612 -prefMapHandle 4608 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ddc0f8f-cfd1-4244-8e3d-da2b3f70a9ea} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" utility
    3⤵
    - Checks processor information in registry
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 3 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1269bde4-5059-43ea-aa6c-fdb48176bb12} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:1576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {486aabff-0a18-401b-b372-1e193b227f61} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:1872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5736 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {797ff8b3-e559-49db-bec4-24d3fed19cd9} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6240 -childID 6 -isForBrowser -prefsHandle 6232 -prefMapHandle 6132 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1da43574-ae05-441a-a1dd-322775ed87d5} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6516 -childID 7 -isForBrowser -prefsHandle 6536 -prefMapHandle 6528 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81096cf6-56c5-4ea4-9ec2-aa068fa0d717} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3436 -parentBuildID 20240401114208 -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 33047 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebbce583-4556-4756-ae3e-a36bafda9c28} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" rdd
    3⤵
    PID:1544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7080 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3444 -prefMapHandle 3636 -prefsLen 33047 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fbd3a73-34e0-4c3e-aa31-75c51d02e2d1} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" utility
    3⤵
    - Checks processor information in registry
    PID:436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2872

C:\Users\Admin\Desktop\New Text Document.exe
"C:\Users\Admin\Desktop\New Text Document.exe"
1⤵
- Downloads MZ/PE file
PID:2008
- C:\Users\Admin\Desktop\a\updater.exe
  "C:\Users\Admin\Desktop\a\updater.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3924
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Runtime Broker.exe" /sc ONLOGON /tr "C:\Windows\system32\update.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3296
- - C:\Windows\system32\update.exe
    "C:\Windows\system32\update.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:4684
  - - C:\Windows\system32\schtasks.exe
      "schtasks" /create /tn "Runtime Broker.exe" /sc ONLOGON /tr "C:\Windows\system32\update.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:1576
- C:\Users\Admin\Desktop\a\Discord.exe
  "C:\Users\Admin\Desktop\a\Discord.exe"
  2⤵
  - Executes dropped EXE
  PID:4040
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\powerstealer.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2876
- - C:\Users\Admin\AppData\Roaming\SubDir\powerstealer.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\powerstealer.exe"
    3⤵
    - Executes dropped EXE
    PID:4228
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\powerstealer.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:1232
- C:\Users\Admin\Desktop\a\noyjhoadw.exe
  "C:\Users\Admin\Desktop\a\noyjhoadw.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2148
- C:\Users\Admin\Desktop\a\build.exe
  "C:\Users\Admin\Desktop\a\build.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2276
- C:\Users\Admin\Desktop\a\fag3.exe
  "C:\Users\Admin\Desktop\a\fag3.exe"
  2⤵
  PID:2604
- C:\Users\Admin\Desktop\a\fag.exe
  "C:\Users\Admin\Desktop\a\fag.exe"
  2⤵
  PID:1420
- C:\Users\Admin\Desktop\a\Server.exe
  "C:\Users\Admin\Desktop\a\Server.exe"
  2⤵
  PID:3624
- - C:\Users\Admin\AppData\Local\Temp\server.exe
    "C:\Users\Admin\AppData\Local\Temp\server.exe"
    3⤵
    PID:3952
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:2932
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe"
      4⤵
      Modifies Windows Firewall
      PID:5100
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:1308
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /sc minute /mo 1 /tn StUpdate /tr C:\Users\Admin\AppData\Local\Temp/StUpdate.exe
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:2080

C:\Users\Admin\AppData\Local\Temp\StUpdate.exe
C:\Users\Admin\AppData\Local\Temp/StUpdate.exe
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
734B

MD5
e192462f281446b5d1500d474fbacc4b

SHA1
5ed0044ac937193b78f9878ad7bac5c9ff7534ff

SHA256
f1ba9f1b63c447682ebf9de956d0da2a027b1b779abef9522d347d3479139a60

SHA512
cc69a761a4e8e1d4bf6585aa8e3e5a7dfed610f540a6d43a288ebb35b16e669874ed5d2b06756ee4f30854f6465c84ee423502fc5b67ee9e7758a2dab41b31d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BB6ABD5C8B98473A20C12EFFB847B7E2

Filesize
345B

MD5
7edbce9b8d730aab97bad5fb0fd94c80

SHA1
7201189c4ed6f6c0395c6e72ab100633b8257a0c

SHA256
c8b0d844bd3624524a1f4682797bf3db7f96057707c038345f925abdcb719fae

SHA512
6dddab7ae53df794df1613befa618a5b76d00d170074741df7d6cda43b0dc47051b50673ba5454a2a30ce5be6f81f21f0a3d973e2a819c8f18d60394a23c26a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
41d018c143257cdb63be72c43b73ac5e

SHA1
f87b37a535f6b5de9a95afc1cffc5e3432ee0f63

SHA256
1179ab4824f91b11920e8681e44c7a557f903f97223055cbc4cf83e31fea9a80

SHA512
422bca8235746c9aca307a4577bedda230be329f484040ae5c92701bca033d91f36b73ad31c404d86ffcd2894d95cd0f658d53bf5c4e103cd156fbda03d5989a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BB6ABD5C8B98473A20C12EFFB847B7E2

Filesize
540B

MD5
b34ed3b0a518db633edd5ad183825939

SHA1
ee537c9e01d7ec1deca7bb24721247918663c442

SHA256
18c8aa7b96a3f948d5cfb95687189294e656ea3e4997cfa90535452b8455d401

SHA512
b8c5f388bc9febf10e6f1b4c7929523a66d9081919193a8c125f98813c8164a5cd5b177d093e492cc4b47297d3ae54fc55a8fec638290c0c77ef4ea1d0c48db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\36851c6d-6ddd-4bb9-9b41-b2da7a803ce2.tmp

Filesize
233KB

MD5
ad8e3e12830fc9ef0fcc0f7a3d85c466

SHA1
0f0d05a6de0a312af512cab4451623b625759f1b

SHA256
84ee88c05ee243bd4789f1e9460588180a4dfc115e2a6f206209788ad8d8414c

SHA512
380c51af633ce52070fd2f4dc0a48f59adc040e9fefa8a28b4c84fe39cdd207e4f715774c4559a5ae96bdde098893065d33c6c27e9d8c489ee409925539a7773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6f2b299254d833a7ca779ebd2273f7c8

SHA1
917644a9813807823d637dd6a4d3d24a69371dec

SHA256
b0ee42e148413c42463bc1fba777f0723703207c48c248e6bfa33a8fa0eef20a

SHA512
12984ce7cf39bad3b0b0dcdef3138dcb16c1e17a0edf21b26aaec9d714ff6e2238972e8ca6558c26701c0e4ab06824db3e82ebe254ac663cc2917f194c6be83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e56b4cfa6fb1cd22f1037626e5c8cba0

SHA1
0c3d63b896e990796166987cefbc698422d34b66

SHA256
f9d521f5019a0b7d623fcc9569f7b4c25f2bf8fab7d1a84e4ddde67ee065f575

SHA512
f567cdd5007a896e7129c7b5709602fd5ffaab22a8fa6d7c12d5d09e9164e2a89306b2f00379e3eb13f06d36b90b9fdf168136ccca98aa065c1af9e9a5da7f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
8cfee187269d9736eb64596743f870a5

SHA1
d1d82fc1792323b4d72e53c3f0795a8a5170c228

SHA256
6ff22bb0cd5f220447e489ba1297200be7d150c690cb2a925d00d9ef2f4b7d04

SHA512
3246b2b84741e74752785efa5b9692ae63e7a8358e218c56be0da58e904ba93b8ccace3a0d8764db6e99087c0b57afb32facd2d6cd7149f99da41d69e998c379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
224KB

MD5
38c347c88e42fc62a29f6ede1bf6885e

SHA1
d23a343883b910a073a603b35d967b567439a35e

SHA256
0077c0f0d46fef4db4ac12e91c3a59f4d39f06dc332b5f79774e64ec1f3d357d

SHA512
fd7c0e8ac2ac84fddb95f67bb70a6cfb16909af4c962bcdf690fbd235751fcb63701a452c320ab0bb7240630413d24134090d4deca219671721f4e03396daa1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
40KB

MD5
806656844b2fdcebe18fc951f46359b5

SHA1
6fe4cc003c12a3cc7b488e209a38bbc8787a521c

SHA256
fdce5e1cdea78788e5a2f00345ec92007cac50d37cbbe2b62c116556d244c464

SHA512
1b4022190ee799752a3827bf8a6f3d16af68983fa4135a7d8126c860220ebb868aaa7485d2255a5a9b0f8f822d9bb305abbf77e680ee9a9df2242a5ed8cc9eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
af7a082a35518a8f84676a2f351088d6

SHA1
a4cfbf146639b769347af3ddc7de49ff1e7aea5d

SHA256
86dbadf8dd4f0b43355a668a30850d8d3908045fb50097755eb33535149ba5f1

SHA512
f4bbcb78540deb173b7c8d279050fd6e09d26685cd508ed6bd7799a45e16f70f3c7d041e3f963dbd2833581defcc973401aaa557c47dd25571fefff67fc48cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
222a0a0d63f23e3ee540b75528218804

SHA1
3579d567512e6696f2a4838c9e195429d2174b06

SHA256
ee89416f3fe04b5829fa392ddc0281d88c47be11feff4bc110c274c5488ed811

SHA512
af705fb4fb74384664d599bdefb82038e9d090496274a8ec7ca2ef1341a8499d92d0f19cfcc3513c0946646a058e51aabbb119b6b70799918a9bda4714e85cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
76a10f346348f22eaaba89c2cf175a53

SHA1
cbe7f3a5bd258a797eaf7c723b2c808d66825e17

SHA256
234d0d65c12f22abde0e6aab52656a7d6e0bba376b484a8b4d97ae757ea91cc1

SHA512
2446b8caf04cdf73bc75ee27ab69183f3bb41d7babe8703cc630d0db37d62ce4dcb76cf0daa7134c4b5c780599ee3ae5734f9f38228950bae8747795e0f479d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d9a248c8ccfdfdd1a4180a6cb9cce3a6

SHA1
fd22941e0548cd5157d3620b31a14ee32645651d

SHA256
a583917f274069f8a3eb245368cab1cc858b549e7233c88e447f3fa4bd68c2c1

SHA512
a69421bd81e8e91dbc7ab7507ade03c76b3412e52a13de3b708dd323141a296be8324049e0eedf2fc1d1ab198a910b6a59f95fed584eadec0d31a5928398b5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12bf2916bf2a3f3b8880ab621cdb1fb0

SHA1
b19010358b9fdd5d0d4061a8c87831aec674c5a2

SHA256
6ab727bd5e7a4d312cb350e7699aadc39320d00c154db08203c5150dfdbe5a11

SHA512
b2efd61129935db0f2f64905afc9f87e66a8b12c358dd61c49fa3e95798011585019962878bf5d20fd0f134fdb320446207deb09fc0699be5f5647007b322214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96a7f0b834b11ccfed34210d4a0a45f7

SHA1
abb792de4b12fb5293ac68242eec89909ec44d9a

SHA256
d30626c10b21c842e770013b82513b2e0cf79000c5a706a93e0ae6aea255174d

SHA512
0caa1cc8630da7387a3dc742b6bf8bef655570be4be680c8a34451742538ae1177a2f5e9d9309bb4dc26a4586d0d0f997b5d4696f4f040032f7a04480f3ad321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
395d9fffb74516b7a0f90d3194e8e9ff

SHA1
838a9cadbf25f232065e8cd154b1bfe3e00b6540

SHA256
83542ee1e1f32027a716825d18631f809d136d805805e035ed797b76c01874ae

SHA512
328cd8604175cec8a693fbfc6c37f34307eedbfa863635f7e2462b74994502a742006dc31a2c081bc8cc74076a11f9ece5a221ece749c5887c07e96da3a7dc1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ff6b96552bd8c5c5f9659cb08ca1166

SHA1
2c05c57aeab9dd460d84d6ed944d6d531f88fcc9

SHA256
0ae8f13bc9daebd035ec7705114ac149a53b5926ef7fd0bc3e7d08f7969bf984

SHA512
4a78c2a0810989a859ffc752ab56b792df8c3038d2671a69e9a0309b65e8f37c7f5600f62d74dcdfb296df24adeae3c8bb02329df83cc036de80965f01755bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
77055c51716ad11f3c8af4905542ad41

SHA1
db0d37f3743fc6e437da4cf9c9ba2e53851a3bc1

SHA256
070bd567c5d6c09c8383da29ec7a71793677795d9a87c45fd039ba7366844144

SHA512
6da88ea050d2184057c328c522f226c9ef22c0c95a7f76eaf549b22e19d151537085d4d39bd086462278891e10ba299eac3c6c136a37786484c4e76c7e675045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0abc3fca2d335a51ea838bada56d4c96

SHA1
d43d8e9e17679d59f92d9f159438975d4d75df78

SHA256
f68696bdd6dbbb3589723fb58e6420cd9ad39ecc943cd39c1ba479c9c85ba817

SHA512
d6cf6abbfefa0d264a82738358225dad7a6d101a7eaa593de29328645ff5f507b0ade9084a21729cd8407766e5bce58b5b8417635b942b855fc3eb7e0091f92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3456_785790460\Icons\128.png

Filesize
4KB

MD5
4a2ac04c729726c44c798e580f69f189

SHA1
fe7db4ff46498dd4ab9c49470c1c1d5b1a299c85

SHA256
0e0129cd8d5e37321bde0258d31cd68dbaa928fd7decf84d0da60708e75bf883

SHA512
1cd108c4945ecbb3ecb2c00f9d749514c09906ea1e57f9c9917050f2026ecddf121afb4406e147b71331f2ecb8923616ede228bfac9082e4319caa8db63d91b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
3d53d656ce75e007569992e878900bb0

SHA1
77f9066efc8f97969a5afccfe678f36b9ce5318f

SHA256
212545069d6bd81902b1e1ad34af507877b089c7c6290c313cfb005771190748

SHA512
2246ff06072b21d2bd02ecbf907083e9ce8c06cffc9bd4fbf675ac01e35ffd49be0771aa4b9ae874655a2714343c9ab7ec079703996ef8b6c720311276fcf400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
dffff6e45296bbbaf712aa99b9e38a68

SHA1
f14e3146966852f37d9c57305627a4a80c613f7c

SHA256
946f4e45e4f9ec5b0813a0bf00dd030df2034c2c4779dc935d5ce0b143d7276a

SHA512
006c1bf4ab67060b308251984aa4f9edd7fe71e6041ec847657c0e55e732f16930e106c1d0ceff838fc0107afe18812946e81566f49456904a971c9202f9265a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
5eeb10ba66668c3f31d27ad447ca4418

SHA1
3d7aa67cb1053c2a544be2615d6295bf73e2b0a3

SHA256
1f875d660063f7c6bb576204c78954a140365714b95395764d3b6cc537469eb5

SHA512
7549b6c12354b3ad29b6a87642fbb98d30fbcb206d087feef326340978b10551fa6fad1c5140710ac879e0655d4e48c9f39326a80fdbc88cd2ca1f6a2050b235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\server.exe.log

Filesize
408B

MD5
593f806d2255a76afcad5d4a8395781b

SHA1
3990edff12ef61875bb4206b25a97a9440a8998c

SHA256
beb8b3a764b3e94cc547be84090345e833be03d95d680ad4d75734ccd6485757

SHA512
97440ebd7f8aac1030fe83c7f32a40a986d0fa6faec2c8b8cfbce093a3f27e7626c0b6e768ce6c753ac4dddc4227057b3a6e1d5a652d1f4a9cf64fa8efbad017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
38KB

MD5
6f9bcbd9790889389f52578f0c27177e

SHA1
941fcd07ce8c21efda837ce99c2c0c532a153115

SHA256
f83e87421cda34647dbbbd00cd215a7f86445af8b2e550fc88413a757b89caa6

SHA512
8e20dee4c862b915790779e05fbb8bcb61d686c6f11f9bf74f459ebb97979e590c5fa4aec6bd83d9eaa68b2cfd6629144b4123c2a9c6757f777593dad313a0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6cd62076025a45731f8309b505f4e6b6

SHA1
97748edf598211426a1c21d9e9d2422c09edeb00

SHA256
6b494987aeef3ae0399b7218c1880f97d7ff4e77eb7d5a9ea8b2cbb9ac8cfc91

SHA512
f80e7a55e828c1a744d01e96f2577b5bbd336db710e74f0896b3c7da4ba719e1067e4bafc1ba45368f0025892c833a2d675c1b59428e0e38e58535c5be981bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
32KB

MD5
ae304c17e8f8f0f252cb84471cf116a7

SHA1
9701a0d63ee022e5225ce6ba9a76526c5fd876e1

SHA256
d0de8375dd424e66f945975571efb68d3f7ec5907406e4d1c9766cacc990bf14

SHA512
e0da80c8ac3bd51ed19060cae320ff9848cd978b11dec3aea1aaa5e086f0b60b9ce96d8fa4867642d33ed9f52f08d6244a98adda7ee64b472d16ca6cd78ed182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
128KB

MD5
fb9af54482df5c2af9921f9919f8e5c8

SHA1
f733f73be5f091e03620856bc41f86ea79be437f

SHA256
6e540e32d4e27fcbdf03088790bd616b8e05e98d14599bcdbbeaaf34198db0b6

SHA512
87ccc052c0cd462d86ea35b6eda95463723589f0a4bd793b52757e1d474facb444e33a45bc97035b457377e148f65f3ec78080c5635b932edbe746edd077f690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
46KB

MD5
cdf2e8c41e6165021486a68a194671e0

SHA1
4587f89f185dcc4b1a032ca77dcc1291bc6742d8

SHA256
eb9f6a261fe1fb9e597cd8cf9ba01d8c0897693d9ddacb5ad5927cb7b47efb15

SHA512
70cee60adab78d1b880ed6fd84190fe7665af87cb24e6574742eb47f19020dc6e74e589b2a89792393bcd2cfc88df404d69277f6b18c0ee1c5a383cae208c0e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ccb11faaf64b81aab71a0889de97f998

SHA1
bcac46d674726146f1e3b24b286a4f39a6923302

SHA256
5893cba5ca4b82fd5e888fac8299cd071292026fa6226a108076e6a28ab00585

SHA512
06ebe415fbfa08111bb3d320ce4d336db258f1a72f5efeaaef582994cf4fe299c499305762fcb5303545b610833db0ac9bbc25200eabe2c51ad04af1dc882205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d05ff9a58d690010cd4a53ceaab27da

SHA1
8a614a4e8245b23822a9935e057b2874d65afadb

SHA256
0c20fe644254ebfd6e9f3ba1d13aa118716b117a8bf342b9c13b2aa6520efbee

SHA512
eca990d79a6becbca36aa3ae80fa6346f975a3c84c13ec8a1701b54943ce1029a62210b73fd2adeb8a4e2e824dbdb3f701d7fdedf28896c111c8db24f870f978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3da9ba5e6bdb3fd700f694058f58ca63

SHA1
7375b94e727a1aa2ae4c3d79bbd746863d0b17e9

SHA256
9feb474abf9727b37d7caba228ba4297f4f9b10ebb634ca347a9c6a199cbcae9

SHA512
339f41eb424be5e959d137034f08ede1afeb9e24f9bda7f90b55e171d92873667c3bd417f1a85b4b47176c0e45c1ff431acbb4a6584ebfc85aa65faff14d5af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96ce862e0857d6db62bcc86de372c010

SHA1
5c1e7f5572d9e7ce208787f1102bd764c8122120

SHA256
da5b6662e25bdfa45c61f5868f0a340e53271fc78911b9472415f1c9268a984f

SHA512
4d0e6f2e1ecda0925111fce386f19a7b3744cfe385ec2f865f00a8299eb1e3393ed84b12fc78b2d26ba93c59f9b35fd5ff056948f2266fb8111b6effe5c072d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2341578a67caa49a740cb0ff4c1ed3b

SHA1
7dcdbea3d0392e170097cf8ee9e42f9d45ae7f5a

SHA256
e4f446a08fcdeeea3533cf1cbfd847488c2700e30d06ee404071f5b20f5e52f6

SHA512
32f4b9c424757bd44d0ce3af3375694046fa117dde19a5ddd3b75be0b6bd0f001d4436130766794fde711b726781458ea74f5f34b5fc7a9c21c32783bb37a318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
5408c729397edc35a9837664d71cebec

SHA1
e0e71508e758a86533991edb5562c10fb6c37cce

SHA256
7198f98aee38d627e2735833ea225490afeb2fe4b0c2cd8185974f1577bc7c9a

SHA512
e575a48d255745a243462309fcca9ac5c0f224f19ee85c5a725f67bd13e2a6c7fea603dc61e9b6a52ef9b426830a9c691039d3df6de95232ab9d0a16c14ab006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e933c1710d6052aaaa696b332e51544

SHA1
6cd9a934264b442c84028a57eebdb5dd87ea344e

SHA256
c04be244a215541aad831d007495d77293063d0df1427e2d6ff96df018cf7081

SHA512
10de5b81dfe4cda4b4f01e9ad4fbe6bf8a5fc40ee01dc0d1434b754e42341f03df0861e72fe09af0161f5be7b40e1fcb1fc32afdcf59082172ce13de42c4411a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c5eb.TMP

Filesize
370B

MD5
ff7d911e4a4e88829742e418f305c6c9

SHA1
38be1b5b56196ee7256ec5da5fa5ce1d5ec81f1b

SHA256
8d4df42e9703c4738f084937025c68fc3028186ae1d4754135eb030cac35a751

SHA512
19f9aefee79bea7e6181d5301b4ec40392eda54432525a8c9195a7d029eb136eb193687b7c827d117b783592fc199169b73456b4818f9e928998108c48752f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
a46b46cf5652bdf2453985d53e92a924

SHA1
42aca8cda260fe3679b9fcf5b29eea80d4e21b9c

SHA256
fb665c907c0ee18779cc56cad5a523f1fc24752ef4f349d5efd0fab85f791f7d

SHA512
7dfb71bdf168f6118d078243e9b03b539a2ada788dd22b1fc289e7806663d1cfcc74226cb007ce159e236c0f41054a66d691aba960f98be7ebcb58492ec3a31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb6f3ab255bb1373e1deb0bd2e5c40af

SHA1
4895c767c0b9f8754b2d9f912b3849584f23bf41

SHA256
99ac26026a489a89c47d7f969908b046116000dfd88473a623fdc08fd83da147

SHA512
ad9c19cccc8065c7f24dfd1541a2db7120ac658dcaeb799953e61a03a256188326fc4a6b58ddd3f6d15faab4611cc28de4d9265f34e750a4a2d3bf3e8f52b52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
28ce548ee11da5939e43b45751787465

SHA1
2498a4fc1106b32c2a6e340517b5494a9c58430d

SHA256
5ba38582d2db73ca2c0f9c209350cf01c1a9d873cb99d154b77f92fd20f654dc

SHA512
ebce1716e4f2d17e2c2513e66444f1435a455773777a23f24d8e0c143b3cc3f9b7b2e6eba06b0977a603261a22a8d2a5e652b645d51c9cf33eee5241d5e898ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
708b3da5f27d2001978920da048f871c

SHA1
3bd252f57b6eef27f52afc523b8aaaf0fa2610e9

SHA256
fa8a0eebcdb146fb757c8c23ebcf04ec87f940c92cdcc08fd5cd8697a85bd63c

SHA512
f4a740eb15caea3e48dd065d124aed71f7ad9c0476e52a452a121be219d218e8ffa0e855f95355aa0e2060a32d093927eee4cc00489543724f44c524956a7662

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
82d2829d89890d38c5d9878e5edf5fd9

SHA1
9a86b6d0e71aec7886e4e1d03b3bf63b9de89bf0

SHA256
d22a6ec70f3fb48f0253180f7077dc253ca7a7d4e554fdb184e8a061dd570389

SHA512
564df1c3f603430ea06af4db0c158341a1268ea29540a5fe5405fc07a3466e87e53ff4847b545f78a95f66852a82aa41ab322d6aad28831b1b57a34934b91a96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\085E70D00D370AE84DD149334A227AD90DE91592

Filesize
71KB

MD5
7806a17d0cf46812975a306a2f65b20e

SHA1
44a9366f1c6558c59fdc4a04f028dc6e880c3af2

SHA256
8abce78c1637fc0a3770dd746d75f8847a9783fb40258f06a112690843c7bd2d

SHA512
4d1190063b58bd6cf1c68ac76f99d4ca5c84e2af8676d541660af040f85c39e46d1b28d40a7ebda50d94e6c84f0f25d75753b435b5c2c86b855c9f0429fbb34c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\172A1B5D634FF8D44069E9D05DECED577E8AEE66

Filesize
85KB

MD5
ca8251d037a0fb5f71f74255fe4cfcff

SHA1
440bb938d54a797aa4c496db1686535ffee328d2

SHA256
53f05e0f1b2dc92af34bcedc634d961504384c75b47ae5ed4cb884bc5fa24048

SHA512
7e955ce754cd83d056fd802a0eefbd468fe1377aae9022ac482b8694fe7f0b8f27003c4dff47409912901f45c11a11b014a586f1b6ecc0f2dc8df34af28dcdf4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\2B5F63ACA7BF7CE81D10E866F6FF6794391A6B51

Filesize
107KB

MD5
9201bc85360f520061f8773b19e9d459

SHA1
ccedd6535dc36cf5de3e0fa3f39160676f694f73

SHA256
9a5f123071f895c7cc05c4f2819a298b600f57a30e34668ac99ca476539d37ce

SHA512
1c9417eec5807912419759cefd62b83b9730c99d1b18dbc824ad48d9e44c056ec94d6b679deb7a0edd6e4111ee5e4fd6e7dbfa12df9553c045e7013376ecf612

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\4C8C6F3E90ADC18BC06999DE038E97298C5CF631

Filesize
32KB

MD5
6f34f22c2abec88b8da68d4c7f23d78a

SHA1
4a211f31c78e040e013c85259fac3ecff4ca8d0f

SHA256
3426cc27dea8291dc6b825128b53df672a16d478c64a3dc26bdf7bedfc978a8e

SHA512
6dabd0b33b1a9d6f701522aa804065f4833a5e0bb17479fe4bb68ba526e8b1105fd99374f2bc39daad59f6d036fba7596d91e73d34ce1e9bbf9af9e75133523a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\5E33BEC155F0200C256618639AEF79C4344171F6

Filesize
83KB

MD5
8fd7977ebcfa82c2f5fa8be557abdaac

SHA1
bf37c8584d8e164b43b866fa0a09bf2d91b3358b

SHA256
eccb7194004f32b1623915d45ef744504bafa6eba4a2bd095deb007ce9e76c55

SHA512
088163c308732e4bffe4d6267452e82f84c31227076f51f067642c40ed593adcbe1e735f8049edde5edaeed9236eba5270a55da7423f989e98f4847594bfb785

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\76C7E196426F346EF82732E235AF68EB7EA32A0B

Filesize
81KB

MD5
41036fdceb5b747a021ef111da8e3853

SHA1
a1a0de998e60260cea11e37c0378c48e0875e964

SHA256
591a6610b214c68820d625ee8caeac877ced87c959da34972cd83765fdeb83de

SHA512
870ec8d0417e4e6216a1082895fa2be2d2dfa0e3877e68d39d1e3a7c8e7fe16688877a3e560137aeda80d0ce815aca5d3baf7afac0feeff022ddc8ae62422149

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\79B8059069EBD397836D0C923BFADC8125AA0662

Filesize
97KB

MD5
43f39ceb3b7a715db317f80cf449d7b3

SHA1
3bd35df16dfaf4c2120e1936ffe38ceb2105d5f7

SHA256
ae741993470d9c78a69834819019b2d501987e940857c84c85a015bff173dcbe

SHA512
49e0ae9d4a65a186461e55159d6ae2c46b748dc4c9fc729a5b5f828d6d3724bcfc59e6a8dab00d7c2387c2f75f7f70a5afe43b900ae2bbbdd6636e7352e62f7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\84106B94D434D8BDFAF1888D146E38F592C47F80

Filesize
35KB

MD5
1f5bf55c64d3cb290e1256ee2e6dd367

SHA1
636601b20238fce6b2ef9ca29d7655a9af940de2

SHA256
f95f79b477476299fe8fda29c11a36d15aa44ce32639f267af0acd7df5f0505c

SHA512
920b7f74930a5e009e2b4b9248f3646bd553cb5e189c3107bbec5822dd49cb87f4a7d18941b5e3d90f98e59e228fefbe2c61a81b2fe19e0398a3d4984d2952bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\9101746EA8258A5B97B04A344FC767B0D7D65A64

Filesize
59KB

MD5
1a5831919f64970174dde5f70100152c

SHA1
b3d5ef3618c61d82717f95d681674f054423a853

SHA256
601a9935a9ee3dc0fa5f7ed1397b9add1bf2674a549414c48101fcd867a53380

SHA512
b8ad955662bba9b40f060cc28867e5521b3e7e946afca5f767795e436e9564b59b07d4a169c261ebf5b60724c7cab397115f9523b5ede2b85af21fe09d5fd974

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\9E429A08C07E2634A1C8689C471F26256BEA1557

Filesize
88KB

MD5
9697cfc0af82959ba46e8e2237c736b7

SHA1
ec5bd850b31d6fe841c1f6eddf78bfff81735a95

SHA256
819dcb528f4ec425bb1b40536a0883b746f8c318d2c7503b1e07945dfe5020d9

SHA512
a69818fd79982377887c5599909990fd775c2726fa5f038ef8a32881ced49709fbd6fc29f766618aee2ce981e3598fe179f7934ac4c495f620b40e7f2cfc1eaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\D81E1EEE4803B213C095EAD38028C0D3B1EF2DE8

Filesize
103KB

MD5
bcd0ebf6c3246c572cd87570213e323c

SHA1
533dd76ba113110555f9a9ccd1576be42ea7d53b

SHA256
4156555c3ba78a2a3c19a79955316965f8809d5c0876fbf757dff55666b6ff1c

SHA512
e33a93c5a759c283aafbbb3838a5503ad08989737320af4b76d628407b89b7f941f7c9cffb04a671f5999e4129ee79dc42df027d8a7f16872f505be2345d8962

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
8KB

MD5
853de4900e904a4bccfaf5d0f84887d3

SHA1
7ab32d64f85b7206b7b31518bac4686e3659bd66

SHA256
95d38468cea30ec0be66bb78c3ac941c1386b369800fdbbd9e1cdcba84ce4acf

SHA512
a80c97ad71708f5b48d7d3a3a92469d8527b0c7923cc03402ea4626fd12209e8b89a882f582c31f7284c02df266df71fdc564f6cf626e781994257eec454dcca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
36KB

MD5
6bc8e5f48e1af509657b5a8be3aae3ae

SHA1
486ee46ea52d4ba613a7aefb845647268ad69181

SHA256
a27e828a99d893c82d0e2a5b9395f42209a974e08b2422bff6a4be17d8ddf9ed

SHA512
1f42c03621d8cbd54288bc20dc1412e69d21d7d7797ddc1c346e5ca04ab4bf76fef9a44994d636bf0ccbd4cd6cde1f96044fbaf92f0af594ab2ef05d484bd90c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d1ae284479c0ac05127ab1b07ae0e918

SHA1
a027a9a21a423878ac9b10dfa2bb803a2621611f

SHA256
67bbfa7beb8309242bf02ee7bb4b1efa9adf349121cc82161e8ada6827655698

SHA512
95c60909b43c2521c4e1ee5b3dd6a8540b9340024a2394455076fc073fb5867f649a17fed26ff3e8edb967ab7bfe893d13b997ebce8ba1add9fb31ed3b905993

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b9c3007680c5a18f5066e4870edd561d

SHA1
08d3597e0ccfba0d7f450c5c1c5d1ad5238927ec

SHA256
31ad2fda730c75a34363fa053dae06ce0fcfe4a984cbb5c42187ed09809dc3f6

SHA512
f2e7d0b1fdada9411c3511caded7ee67a5c8b7ec75c4b88541af22627a960e6a9995d30dabf26ab2b854b692b8250eee3e8f5a7351e778eca0c81e94f600c74c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
64f45efe7b19e9427feaf5f48d29842b

SHA1
a6c3ce59926f882a24064e13f61db32f31b10fcf

SHA256
2ae1cfc271990d285a7c8e824c21783bdbe9eb90b4be0e2010c983682c3a0cac

SHA512
5bc48445038282d991f0113fbac9bab787e213b6613486ca2e10f939023080ad1d6588dd061944da3eb1dea2621ff0792bdde99b69b40198b793d16515d7febf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
cc2dcb45dc146934eb47f3cf1426aedb

SHA1
07effc8ff7b2233415f492792aa75382234ac88c

SHA256
d1dc907adb6792485e0a359ddaa45ec7505f50db927be7d236af92fa81e4fc91

SHA512
adedd3527ff9cff417c00b1d508771119e1f20b308bbf06cf0736d491cf45d8a53db39ec33e494c70ebae2d3f6c0176c254faec6df8dd62158da04783dfc2013

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\12ef555c-62b4-4724-9cf4-c2d04b4125fa

Filesize
671B

MD5
6e4a1c677c0b533a0df82b5507ab8274

SHA1
c5350e3cc90123d1ed8186db51abe74331cfe3fb

SHA256
b7ce3c4aff253c9830e6b91efac20bb49b8ad3a4133dddfcda33c69eb3790b66

SHA512
a0666d62160e0e6de477fee8a45ab05c531d31c2a5a082fcf4805fc45ca031beea832dc67d9fb5134ef12512da6e4a99d8db2bb1a2fa4486fa4bfd6e73014cc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\2b463395-1f86-4431-af89-2989846beb37

Filesize
982B

MD5
60cf99e9d1f9bc5bd65d8219b82812c6

SHA1
756c3dded9e655fb8be76b9029ce8b80a8492f74

SHA256
9b1658d3875de86fe934433a652aced5c8cc53e8f9b78a4bf5e596122afed07a

SHA512
6f28751b0747f6b91acce71fc86749fe1cbf64d8704d914c5050dcdf39883c1a9b1a9db92631a5ae6c4526704de01b693b17bcb30104b9dca2e1955d57181476

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\53deb6d0-229d-4220-9d02-ffc242737646

Filesize
25KB

MD5
dd412925ebc6cd337d490f710a5682e8

SHA1
bae9b7b652e45179201db4e9233105084dbeaef8

SHA256
5093fdf7aa1d9b0da70249c5dd79dd1b27a7abdb70942a08ecc0e2bd0c77701b

SHA512
99423e481e471d1d074fb5d6d8ef61d3baecd5dcaa4017c0bff671eaa6eeea2430ab5ce8083d985680b6b81811e70de9f9dda9aefd0e5f5b4df7ddce44cc545b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\logins-backup.json

Filesize
738B

MD5
63209fbb754caf3586cc87fc7a96528a

SHA1
69e91c06fca21098a63b9b424aeb814745603564

SHA256
a891899440c7b5e8b073a51c4b093ba962eff3123c330d24eea726c47a23ede9

SHA512
eca395ba7415c3144bf36486273c70423c5a8c8235c8e8f6e7d923710f0c0904c9cd602d14862ae5bedd406d1f3be08cbb88d27b549a1917fc54f3494566abca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\logins-backup.json

Filesize
808B

MD5
d3390abe3b99186efcf1ebc366103d78

SHA1
d1d166cc07ddbda0f070922e56d6e3ccbdb61ec6

SHA256
864f0767113410f2c6bc10a30e560bc3cc59c1df1efe71bec299b363ed255d5d

SHA512
193563235c98fdd816ec2b39a6ad28ec2297a82a174e5f7588aacf5078c907106583b8dee3171951e03bc7ec369cd2ba93c89a0c00ec664f99680149682f10a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
10KB

MD5
c9bd0cd80d25d1d5f36a83716b238b25

SHA1
fc78c31373ff910305af725ef219407aefb5618c

SHA256
6283be6f95ecd20e8928764c0d070fb7c659271c02617576758218988f32ce21

SHA512
73ee45ee6b858a5b585ec4767aa90d7275a5914df77614396d42edcad670e73e77cf5fcd262858cd263f73449b2c862f90b2396e8bed3416cf51e6e79efaf6fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
10KB

MD5
27c8cf0cde9bbe82a507b864531c1d32

SHA1
58841fb1dd81ca64b9e5e0980b183dc9225f6123

SHA256
33a5583c7aac95269890c6da357c0363e917083363ece3b263c509b4bccdf4f6

SHA512
93ae877f67961e83205d13c121124cc642cdb67532b76ee2b9aef3c329ef5a9514c2ffcfae20efb923234837e633604300b6e6caf3a385969b3c1bb7ae9b449d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
9KB

MD5
f0576147ea2c59b82005bedfbc91cc1f

SHA1
296df568b43eb5324cc31662caecc273eb0dcbe8

SHA256
4287fd03e7729f7957a8f0ca6f09dee61fe6c453d683616c7ba71ba823f32776

SHA512
8b5b64aecf2765bac55e7497fca921feb9fa507ffc45e385900d911e0c5b0cd908e478b7648db7adb22125b6631f7fdaafe70589f58d0f85881b8f4f4436dedd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
11KB

MD5
e49c193405e7697d1ec56f9907705998

SHA1
d580fc5568133fe501be50ee2837f6f83794b168

SHA256
fa80067b7cf87478ec1e8411a8d0104f4575312651d24d5343ee92f875a0ed06

SHA512
a3090d014bc443dabf8f407a7e3aac716bd4e6bc1b3767528cd4dd9afa1fa0c13c921fb1143e286121bfced68c67440fd1855e7bed98fc1d4db3693ee63cb8fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
4444dacf650db091855d1823074d1978

SHA1
59fccea445d7b77381c98f027db29b53bf61191b

SHA256
20377285d95bd0e8cee3b52871da4c2062b28aea9b5f6f3733cea663b708b6d1

SHA512
3b64171779f2188dc6937cd9f76adbfbddcd1791b22df35aaf08947aa57ebb986b076b7d34c7b1cf634fd5986e236a7fdd21f7b177f820dffda87b030f18df57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
61ef62ff6209b17916e898157aadfe42

SHA1
e459f87acc8b24e47837021b555fbbef63205536

SHA256
4f363fd779af39bae46aab453b596d0c20bf71f280f371791e6c6ad6b727ba2e

SHA512
1dcc542ebd7efd2531dbac003564fa7c69a372fa33869f66d74038bc7d8826b0866d833d54ef848373a0da5c010ede4888040b172750f3396d57155094778a05

Download Submit
C:\Users\Admin\AppData\Roaming\app

Filesize
5B

MD5
c60feebd511c87b86dea130692995a0f

SHA1
d64447a8b3d8949cab5a1f8d168f7c6fee6b6a0a

SHA256
632994320c04707e7ef564b3e983a694170561659552a24dfe14a922dcf0f511

SHA512
bf03fbf3329c6f7a21ecd620319ef1a6f676b22a27afd24aab546483c3fe5f6eee7bbcfdc14c5f6626957f2b96519bdd21aaea45d74a80253fa4220c8c12df7c

Download Submit
C:\Users\Admin\Desktop\a\Discord.exe

Filesize
3.1MB

MD5
bedd5e5f44b78c79f93e29dc184cfa3d

SHA1
11e7e692b9a6b475f8561f283b2dd59c3cd19bfd

SHA256
e423c72ea1a279e367f4f0a3dc7d703c67f6d09009ed9d58f9c73dac35d0a85c

SHA512
3a7924196830b52d4525b897f45feb52ec2aca6cd20437b38437f171424450fd25692bd4c67ccde2cf147f0ed6efcef395ea0e13b24f0cf606214b58cf8284de

Download Submit
C:\Users\Admin\Desktop\a\Server.exe

Filesize
93KB

MD5
a9ba2416df448c5f3b36581ecfa4cd31

SHA1
105592c84c83cbf4e6f7b6978ecb6d37c99440b7

SHA256
b12ace477963fdde7e7b3c3b81dc01d585d87097e68bed90f5dd41077556b4bf

SHA512
456ffb46cf5d914108a68292e1f9e73665e7dd3905015c76709ecc954d02b50d9dfdd758c2178791d75aa1010b7c0f2e0cf92659f2471a227497343477e6c9f3

Download Submit
C:\Users\Admin\Desktop\a\build.exe

Filesize
119KB

MD5
08388bb4894c71e7b1be4bad966c3824

SHA1
7437ac98f08fc41283b900aa6fb0ae350d59dd6c

SHA256
986a98dc33a925fa232e1e5311807c7681cad9e0f07957d81e4f2f8257503f9c

SHA512
2adf5154e7dca7de1fcf12560c97f1b74e66fb3c5074d8fa9d29dd9da91a1314f9fc18270808c12364c4941a6a2346109824bd4c625df905f9be84af393934b3

Download Submit
C:\Users\Admin\Desktop\a\fag.exe

Filesize
3.1MB

MD5
814d032273cdbdc32dc6a232c108129f

SHA1
bd4b3bea0d543dd287fd952a5ae053f649f11fe4

SHA256
95e8911b88b45f18c2f415df69166ea5dadc1af3ee4ed79d42ca31dc812c4043

SHA512
1aca47dc3e839f192a0c51c396f1596f03a843c88883a6d4be02ce55647585d6a98e8ed215872661dbe412d9095eabf334fec5545a4a1dcf75a3ebe48dd2cbbf

Download Submit
C:\Users\Admin\Desktop\a\fag3.exe

Filesize
3.1MB

MD5
6b6cd0ace200ae15a3c40568bd516739

SHA1
c17c2dae1f9d4a3268f51ba9acf2095171408621

SHA256
9746060c7d36d8675945405b0c1928fb6bbcfe1bbac0f4c3247bd245ac6c4271

SHA512
4330446f193832bc3cdba0461df477ed7b27af44cce83daa7bf4c46afacee37b8e5ce7191573b23604efbeef66b2ed763adc156303e3e3927e1fc315ba22b1cd

Download Submit
C:\Users\Admin\Desktop\a\noyjhoadw.exe

Filesize
119KB

MD5
65cc23e7237f3cff2d206a269793772e

SHA1
fa3b354d2a7a4a673d4477ddcf1e1f2c93bb05fd

SHA256
a57a8a3c3c073632337bb870db56538ef3d3cebd1ada4c3ed2397ea73a6923fb

SHA512
7596ec7aeef7fcf446328dc928a835a54fa1060264b170baf2413252977bb0ac0b8da96867895530601cc098516e7bb82d1edbabfcfccd29d24619fe89f49613

Download Submit
C:\Users\Admin\Desktop\a\updater.exe

Filesize
3.1MB

MD5
c965446805dc5c40e1bffe859716bea7

SHA1
7d6b257f8f830f512552bd11b36bb1fc88a1e966

SHA256
874dc85b74f8ee6a116d38453078905ee487949425e97a42de9b258dd6b8bbf5

SHA512
157b7d59cb94d83dceba138207f1d335df6f9da90c510cbad8e0b252173be05679352de83d2aef2e3ae3d7de58f7253f93422b44680d2cb63e6c3640fd68233b

Download Submit
memory/1420-1653-0x0000000000650000-0x0000000000974000-memory.dmp

Filesize
3.1MB

Download
memory/2008-1566-0x0000000000E50000-0x0000000000E58000-memory.dmp

Filesize
32KB

Download
memory/2148-1665-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2148-1607-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2276-1624-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2276-1684-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2604-1638-0x0000000000510000-0x0000000000834000-memory.dmp

Filesize
3.1MB

Download
memory/3924-1580-0x00000000004B0000-0x00000000007D4000-memory.dmp

Filesize
3.1MB

Download
memory/4040-1593-0x00000000007B0000-0x0000000000ADA000-memory.dmp

Filesize
3.2MB

Download
memory/4684-1625-0x000000001C500000-0x000000001C512000-memory.dmp

Filesize
72KB

Download
memory/4684-1626-0x000000001C560000-0x000000001C59C000-memory.dmp

Filesize
240KB

Download
memory/4684-1614-0x000000001C490000-0x000000001C4E0000-memory.dmp

Filesize
320KB

Download
memory/4684-1615-0x000000001C5A0000-0x000000001C652000-memory.dmp

Filesize
712KB

Download