e3596428cd648a2b0374346a990e71cf4af0feb6bb6ec51d8ec3e369f26e2bbe

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-02-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

geode-installer-v2.0.0-beta.17-win.exe
Size

27.8MB
MD5

e5921970e3a59ba49e35da3f052aa992
SHA1

1eddaac151dce620f3747a52ba18e800d8e5dad8
SHA256

e3596428cd648a2b0374346a990e71cf4af0feb6bb6ec51d8ec3e369f26e2bbe
SHA512

7c0b63b4bf2f2a739fb74e9d16ea8dd051b341aa2cdf469cdabe221727b7265568c3c4891ccc19514479f2098817071740c36208333f5499878be90c9a67308b
SSDEEP

786432:WCe79nR/WzjM7vfFvbbsfntXB7Ep+zJfKcf2zuP9B:WJZRu/mGfntXB7E4zH289B

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

geode-installer-v2.0.0-beta.17-win.exe

pid process

3536 geode-installer-v2.0.0-beta.17-win.exe
3536 geode-installer-v2.0.0-beta.17-win.exe
3536 geode-installer-v2.0.0-beta.17-win.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3536	geode-installer-v2.0.0-beta.17-win.exe
3536	geode-installer-v2.0.0-beta.17-win.exe
3536	geode-installer-v2.0.0-beta.17-win.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exemsedge.exe

pid process

5752 msedge.exe
5752 msedge.exe
968 msedge.exe
968 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4248 firefox.exe
Token: SeDebugPrivilege 4248 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4248 firefox.exe
4248 firefox.exe
4248 firefox.exe
4248 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4248 firefox.exe
4248 firefox.exe
4248 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4248 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	firefox.exe

pid	process
5752	msedge.exe
5752	msedge.exe
968	msedge.exe
968	msedge.exe

description	pid	process
Token: SeDebugPrivilege	4248	firefox.exe
Token: SeDebugPrivilege	4248	firefox.exe

pid	process
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe

pid	process
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe

pid	process
4248	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4984 wrote to memory of 4248	4984	firefox.exe	firefox.exe
PID 4248 wrote to memory of 2180	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 2180	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 3584	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 4008	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 4008	4248	firefox.exe	firefox.exe
PID 4248 wrote to memory of 4008	4248	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\geode-installer-v2.0.0-beta.17-win.exe
"C:\Users\Admin\AppData\Local\Temp\geode-installer-v2.0.0-beta.17-win.exe"
1⤵
- Loads dropped DLL
PID:3536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.0.103291792\2059135806" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {692117a6-90cd-459d-b356-32616dcaf0e0} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 1980 1c2a0fee658 gpu
3⤵
PID:2180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.1.593075395\751610114" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cee23155-0492-4b85-a3ae-521b01e0072a} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 2380 1c2a093f458 socket
3⤵
PID:3584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.2.794995174\350930035" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 3076 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff54bb09-7d28-4a4e-a2ee-1098c670bbe3} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 2900 1c2a4db1b58 tab
3⤵
PID:4008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.3.1679947077\1062896205" -childID 2 -isForBrowser -prefsHandle 3548 -prefMapHandle 3544 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f7b5702-dc63-4368-8783-75db00f6a2ac} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 3556 1c2a3716358 tab
3⤵
PID:2908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.4.1675985489\1976366608" -childID 3 -isForBrowser -prefsHandle 4516 -prefMapHandle 4456 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2dfd6f7-6ab9-4c96-8b6b-ecd97b5cc6f1} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 4412 1c2a69c2e58 tab
3⤵
PID:2444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.6.1425200879\774257678" -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3245f8-ded5-41da-9aa6-6e964348cd1d} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 5224 1c2a70ba658 tab
3⤵
PID:4584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.7.1300585598\139487821" -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 5224 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6c6a969-b170-4ad3-a5cb-7f88b6d0ce7e} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 5428 1c2a70bb258 tab
3⤵
PID:1868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.5.1028663577\136295785" -childID 4 -isForBrowser -prefsHandle 5192 -prefMapHandle 5180 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fa73f36-ad42-49ee-bbe8-a4cecadb4185} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 5204 1c2a6fcfd58 tab
3⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7575771bh71b0h4266ha136h710b5ef70b6e
1⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb483946f8,0x7ffb48394708,0x7ffb48394718
2⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,784864048519349965,16476954226630070641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,784864048519349965,16476954226630070641,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
2⤵
PID:5744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,784864048519349965,16476954226630070641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault98d84ea6h716ch4a44had20hed734b3f6d1a
1⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb483946f8,0x7ffb48394708,0x7ffb48394718
2⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,706431655776962630,15273959823137774909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
2⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,706431655776962630,15273959823137774909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,706431655776962630,15273959823137774909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
191f00dda4be62e506dbf3b581084b1d

SHA1
6c094ce657517092a8d27546f471e94ad73cde2a

SHA256
10d03ee79048eadc3c1c65f675b5d28b062ec485b72bb5d6c3bfc6de62b536df

SHA512
37123ed0a47d9f9f6cca8a9941837225d54a90f64b63330d12e24e94e02dc11da6b0543dd9b85fff23cb7cd28b0c79884ac43eef939458704eda65c6ae81e62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
6788a62cc4f5f7c33bdb9d5f42818c1e

SHA1
bf0171c4988810b8a91cab00d437e098b7c71a31

SHA256
fa2faa33f460b66e3d70c96fc20d0adcc7a0a0458d572136f37bf0e186144fe6

SHA512
621a4254a2009c7ce3542fe096c0d80c1687ce528c5396fddb200118c1b61e47c3028c7b78cf620ed9107957373559f6640ffe2a1dad7fb68faf66c350ee658a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
bbf911e361b10a089d1ac559214c1e47

SHA1
77cfadcd2510c175acee9e879260413fec444b9a

SHA256
b653d0d9a5148592000de480adc8d76cf11d65d55f2d2de76d59e06125a4ea2b

SHA512
c16aaae338479eeb566d47589e84660364c3e1ba573557e28a7fbf3e0475cffb787315f0af5754ece54189d404361da7f9b8307484e270b1b9f9b60b342f3bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
508959732872b34f246261667565a30c

SHA1
f913e2e3409aab24f08cbaca6fef025eef9905c1

SHA256
80bcf01f2a8f68e9cb402e41cc4b269b2b2e27fbe005623c2e9f8b92c6719fd1

SHA512
76f45eb41948fa2bcb5c2d3c93a12a6998cc45b876acd04d171045f260dea8792275dea88dbf556838eac8e9b64cdf52c6783006c18ea3464a7ad7425dd7d6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
a391045805cb1dd811d5d130246f21a4

SHA1
90215230607e2923c7a85102a0b2cc146f88438e

SHA256
85f47fc9a530ec8ebabdc7133494537e6d3860fee2dde6d587e80e0fa406507c

SHA512
e9ba8ee4b3be7e3675a596336fe84c06e6600cdef33405e6ef1c805f0f4a2d605b78bca225d4c015908004f96a4e76f6d7c94c6edb7d5e3be0f0905c1aeca459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
e446cfa8d5f45b7f2ed73dd3f30c4a04

SHA1
22bea5f90eafbe52e63e34510c9e0308f1fe3b8f

SHA256
76801306dff5b0fd153e63d62da39573d90d64a69a6b2772e273465658f9329f

SHA512
7ce96f1a3f5cf31047fc138a2baa138c9b7bcb9e83f897827c6a9c04ad73bceab2b16f74b37cb9df8231c625e8e02445d7718205dfcec45272f5b20fb4f83473

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl56FA.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl56FA.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl56FA.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
5.5MB

MD5
52c5e8ff9dd3b5d80a6c794128d2f691

SHA1
75ddeb7c7dc3089e570bce7c5359a2f06d289bef

SHA256
32842e558f020485c6519370e84410a1a6898151a7139fc1e7fb65e78c3411f9

SHA512
4c3e6c1e06aed0d42d787815690235f15135b0f7c42fe5f6756e84dd5ddd8ff94d2aeaaa2878a4a57ea1cee8e810d53fec75f04a5b48acbfdec99caf9947d4ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2884deb574885c5d6fb3bafc35d8cdfd

SHA1
c6310ed2194ebfce67472393854309b7a3dac772

SHA256
dda03a953043b5e7845e54e100c9e1fc2e69be9f7f81b2600d53f5d5343f75c2

SHA512
8ee79f57d4ed2c4c46317be3a113ca6ab6207ae6ac663cf29f86995aabd23ebf9091a893470bd6c92a9d1b0534d8adf56d16672aaefc623139443a7e9e37b45e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\3e654ba1-ac82-457d-8d64-d559b348192c

Filesize
746B

MD5
385c6c3731989eb7003fc8cc497b5a0b

SHA1
5184cd09e20743a5603ad637e0c0a9cfaee3d61a

SHA256
05d3acd5ef2be0e402f247bbcce7f567307ceb4b4dcd4b8186a846f47a91f3e5

SHA512
e761dd5e536571c7e7d5f08db04d0c7bca6565494d04ad3644c528e010439ab8bd7c643bbc141bf9063e7c0547519159a29fd530b9d0e023bc6654de1e8fca89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\74e5cea8-c5ab-481f-acc9-b8698e1a0d93

Filesize
11KB

MD5
29f32a8e3b1c5979d0a22a671e315b26

SHA1
5679e505e2d71cccfabeb53ce821b7e9cbb493a3

SHA256
976873b1e3c497b376bf70689f19460413364141d2adbd068749702a305e8fb0

SHA512
fbc57c52007de0ed081c09990624911cf879181e4181c91cf4d894de2c7719dde9570e451f31e90700917d0eba345428f1f7cd6691834a62e72dfe38597652dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
4.2MB

MD5
0e3651cf40ff522444a1c243a195fd2f

SHA1
34658ebac69c02a6acf90e56fd7e00fe0510a52e

SHA256
06836c812a4439de60fe7668485063e4958bc57f8b34c3dad40a5dd7e099e78e

SHA512
230968934cbd7379abd97568f979da00f9b1595778cee970d25d56ab96569c45130c62014782e73644cfa45679002999685fd4b32eec3cac576a0b15067da78e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
6KB

MD5
7f09efd89704680626b5b20e62e5df24

SHA1
47fe82fc88c129e2dc9ad27151265b6e5ea3d544

SHA256
2dd511ad8245654d0f81480568a5de6f041906df63d599be5282de298a47b81c

SHA512
778c90d5b6162de750a6c17d088f023bef06292d3f0886f4c07e26300a5ae9a96e6446207bd39e60c4c5c79cce89a9602e39e4d651ddc7525168dcde89061705

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
7KB

MD5
d2bfd791ee69dc2c7728b2335e12555a

SHA1
4fb8756be120ed2608a307b112ad8ddb028ae38a

SHA256
bb545dec06b66ae77ca55b1e8e2c81aab355a69320593e88527ce09ae9fb9aae

SHA512
2285ad2ea41409edebc010396016ac0d4d11bcace4d4d81c588bcf3e1d0709454513ded959d80ea256389a85005bf2b36b20dabeae17341a6c164d3e67012966

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
6KB

MD5
624f3b64086a8c0850bc584c15547106

SHA1
45db9ae805b074897421d7c322fc5d7ca303b7a3

SHA256
c2cbd1b1c576fe20adeb74960a1e0818b3070e3d6bb1df20e88177978d05af7f

SHA512
eb58aacc8ff48acb1c5d39dd59eb4fa7067d0dd656449860cbd67ed3bfab33776d6af35a1a55d3c0eeaacb4f842fd0a8261c0273d839a2e828615dae092a19d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs.js

Filesize
6KB

MD5
0fd4f2a804958f452ad9c79aab093e86

SHA1
c1fbe3086847b81eb5b307b075cd9d4857a41e6c

SHA256
127e0f59f61cd7ef467e5517d2169cd1997614b312a93a272c84b079cbe54aa6

SHA512
04918c6e9f3e863b51496befd99622e090792a182ec8adc7cb237e2c87173b5c6404e3f2efcdfbf71b3e41238eee7ad537d384c80518e6a155998ccc0be58fec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
230b5e7d71e17e72b0c2cff3cbb9cba8

SHA1
66decc85da1c89bef4393403b3bcc1674750467b

SHA256
7c3887dd0358632ba05b8b6deefdbc5ebaac7e63593bc50963549a0ca84764b0

SHA512
67460b373ee1e0c4f963c1453417abf1e3cb83a22033c877e6c4ac85d15518fd925fad14e5f1499e5f1c5f1b7ee1826ef4d479e4d6d598f619a83faecd7b3625

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a68ca98b5e5db8f9c6ad1f26bdcbc943

SHA1
859be5263bd7a002597b77596f33873489a5903a

SHA256
a786430d8c75c404c9ae78045ae8e1dfc54b7752069c8472c69216014d7912a0

SHA512
599ac947852fd12e8c4dda0cbeb1ad7adf24e42c467c03ec4defeb4b52dd0f906e0547a4c5150115e3931d2b55be404e28a1edb9d88487f8812049b81c33a057

Download Submit
\??\pipe\LOCAL\crashpad_5500_ENWGOTJBCVEIERCY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit