hxxps://mega[.]nz/file/gnQQVZJQ#N6sAMrlJsAirqkaJWNbLrGH95znOLyg6o_8QM2oIvZg%20]

Analysis

max time kernel
1712s
max time network
1697s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/gnQQVZJQ#N6sAMrlJsAirqkaJWNbLrGH95znOLyg6o_8QM2oIvZg%20]

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	msinfo32.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMinorRelease	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529956323607480"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
2520	vlc.exe
6120	WINWORD.EXE
6120	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2520	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe
Token: SeShutdownPrivilege	1752	chrome.exe
Token: SeCreatePagefilePrivilege	1752	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
2520	vlc.exe
2520	vlc.exe
2520	vlc.exe
2520	vlc.exe
5628	firefox.exe
5628	firefox.exe
5628	firefox.exe
5628	firefox.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
1752	chrome.exe
2520	vlc.exe
2520	vlc.exe
2520	vlc.exe
5628	firefox.exe
5628	firefox.exe
5628	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3672	OpenWith.exe
2520	vlc.exe
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
6120	WINWORD.EXE
5628	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 3124	1752	chrome.exe	85
PID 1752 wrote to memory of 3124	1752	chrome.exe	85
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 2172	1752	chrome.exe	87
PID 1752 wrote to memory of 4948	1752	chrome.exe	88
PID 1752 wrote to memory of 4948	1752	chrome.exe	88
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89
PID 1752 wrote to memory of 2268	1752	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/gnQQVZJQ#N6sAMrlJsAirqkaJWNbLrGH95znOLyg6o_8QM2oIvZg%20]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc23639758,0x7ffc23639768,0x7ffc23639778
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5376 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5848 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4536 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5468 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6016 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3376 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5888 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2900 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4552 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6376 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6284 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6424 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6400 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6368 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6904 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7024 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7180 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7516 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7668 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7828 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7496 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8144 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8056 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7796 --field-trial-handle=1848,i,10786936887542231290,14217687018242207501,131072 /prefetch:1
  2⤵
  PID:5888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3672

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PingResolve.mpe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\EditTest.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
PID:728

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SaveInstall.odt"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:6120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.0.71537767\1198042993" -parentBuildID 20221007134813 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10ab5330-789a-4037-84f3-0196150582e5} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 2008 2207fde4d58 gpu
    3⤵
    PID:5200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.1.1281900436\543173450" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12567c3c-96d6-4f0e-8af3-8f8660b91845} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 2416 2207f8e3558 socket
    3⤵
    PID:5228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.2.1697552424\1400684945" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 3160 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d04c23e8-ba9b-4c3e-8a9d-30f271d782c6} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 2968 2200b596658 tab
    3⤵
    PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.3.1189004184\1840564571" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 1096 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af65e161-e9d9-4deb-a9fb-b2dda5fdeaa0} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 1080 22009ca9658 tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.4.1014273103\1984793254" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab9b68da-9060-42a4-9fd5-9c2ad1d29c3e} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 3668 2207aa69658 tab
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.7.1841088607\1935704148" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce8c2380-cb5e-432d-93f2-9c0e93932016} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 5432 2200d9f1158 tab
    3⤵
    PID:4940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.6.1306025529\1428375398" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b5b0698-ac17-4136-a899-b5e75b0e7994} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 5220 2200d9c7858 tab
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5628.5.1058844525\70272223" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {523f6d0c-dacb-4aa7-977b-c25cc110acf4} 5628 "\\.\pipe\gecko-crash-server-pipe.5628" 5096 2200ba93c58 tab
    3⤵
    PID:4500

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4404

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
466fb681a84129ec5a0d71790c99bb1e

SHA1
cc180a2ee35b89284039470aec7fd7848768f852

SHA256
90a445b88802a3cd12e68a760593865a98e9c9905294a922766474dbb63e0b21

SHA512
45bf1c000c303d2b668e6c3d491f5bb2f827dad9fe7c3d8f0a1e0cc5953760d99be683660287190acd032bd8b630b3e5248bcbd19a1db38473fab76f54a5cbcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
06b474c5363d731cad72a6384f4560f1

SHA1
8a0485b400e4b25cac542cd5f27e22e7decfae7f

SHA256
b79117ea33525d179accf74f69c8d1e97ffb99cabaa667844c9fdf0611f595a5

SHA512
2b9bdf102665ab802f74cd9ffdc8d73e9bf8804c95dcc7f3235c99256dfbc11ea3d2a7d832d34feff827c4d233f1cb0c2ecabd76e2787a3708cbb698c26dbcf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
20ef990b66ae1b13bff81872ca08cb6e

SHA1
eead4d67dc7d401d4e2aa4760e05bc472c1442f3

SHA256
b898d013f4bb849f30af1a5aaab94b166095ba4a65d9e48c1cf03aea287c84ad

SHA512
c429267a193d41de2dbd17cec1308541d1c4d48b1161a5d23dba347e8ae14cb2549b4e215ebd30063f1403af2494d82c80b14928d15143db8225f8eeba9b6e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
cba1e892b00c401f727abac277a24f31

SHA1
dcb2ee7c1ba8bac85c93e9ff708e46dfe3b3d79e

SHA256
a95d123bd6a064d161b67f6d88bcfe628ce3009d3dce1687964aefe8440aa834

SHA512
9ab8703b85189c896b070b2ad1347e614cbfc3bd29f3e767ae852d76a333ccb86cd6b468ec1e696f8f953a7829fa3b868d30a5f2b7bd4d9779a742f847c15dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e347ed48edfe15d81cf738696b03354d

SHA1
466dc9ac3fe0f8fdae3d0c92463978c9c7da7dac

SHA256
0af9ead57d5380336e35c2fcb79e250f2b7eae9f04cf539a025bd0f28ebcdc6d

SHA512
e61c4169c8be674c239b56d91fae6bf668ae933bd2fc02e01a482fffa57287362569010f40b5b09bd7603547753edbdba83de3fced817610d3a163797c63fb7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0f20c295ab5d3570f9f4c7d73f23f52b

SHA1
dc07ecd1d66264831dee521281214179afd7ec45

SHA256
73611b87f4de36d37fd32b4088cba3b051c701a098e28e4363d931b2f559d37e

SHA512
167c3c2f3bb85f60d5529cdef2a538611c93203f4b91c3c3c880c6c0f867865deb48337f6fdf3ed03916a9951082273fff933781da20fa964c144467e47e2a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a99259abb8163392c905b9371ca4bf8f

SHA1
bf1dca8983a36e94c0340ae937a1b98d43e52e8c

SHA256
81b849ab94ed37e06306a0826b44d7673f5690eaf820d3adfa5c32f5f7b8b031

SHA512
819b1e23c08c5a0107ef9a04c93422a57d87fe2eb1e4c649cd023a39a8b3fd60421f674651bcc027e98c0a759641ea10e75e507775df1816a6e9e3e36fce7608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
24fb169940ee84a40cded8d13664e447

SHA1
7805dab3ad70431b4204ac67b61da927130ad981

SHA256
6fa0f825fc60cfe7ba6e2e36989b587f72908a3117a46942baa35bb745d02398

SHA512
f8f2fbee1044247e06fae01f45d610522cfecacb535be3d11ce3e165083d4e3baca12ae1b538ab06c892465eea76fb9d42ee48dd492cff268895f6e4038c13dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3c261adbd2c8425bcddfdbca9406b8d8

SHA1
ce9ebc0cd40209baa9db92533edd221a642861f4

SHA256
39a7213f0d958dcdaae732030e14a11ec35bd3c63b4f5c975f3376d2873be6ae

SHA512
22ec27e0d6949facd65cb959cb74a828ec2f3bb0360912b36b0bb6e5dcf1d84499fa1b4fa5fb585dacb8521e439ed89df01e0fcd2e8309a844711af97fa7dc1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
52a61679be54c270ba465ab455dd4efd

SHA1
7ffc387b89c31da64177264e5be24fa003b62006

SHA256
c1ce82f52a66104070262a5103f3615a768ed9d80300cf0f4e3addaa7e6131c8

SHA512
83a63db5470df796ffde5659b0a2841c3e52cfa6cb62518e757ec620d5cfe9bc641aa63d3b4a4019830a4eab3969fef83867c86d97ec2ddcabc0e90df63c3e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
8ba97645069e027b197b606b6e47d9b1

SHA1
4781b2e084c50ad7f8dce2f4e36399e7951b02d7

SHA256
b8d4fcadf0ec0f22f4637f5500cfd235a89f8b4264e97c3d2031dc9ab862f7a5

SHA512
59b037a8ad29d188cafa3272314545b89ed22e65c3b87128125d7a02fb4f7598cd1b8961befd0e3e64f6c506de676aa76df8aa2bcb42d6011884708b60ee9542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f25106db2a5ef1f3f93c367ae96fb2d7

SHA1
343033a6ce920fed35feead3652705acf0e0b377

SHA256
1cfe666121a9e898643ba41ad0c104573dbe7820e7c25ca64d869f1305037b61

SHA512
347ffb173a06e0acb69ebe9e22ff11d0ec7c0b4f46c3e157a49074f4100b3e62d4bfb1464599a534a6038ebc7fe4facb01cde24ed93f061ababb8cfb5b84acbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
08d52dc0eaf5e5c69feb5c686effab24

SHA1
5d5bccf394d28af96bbcf5ed2bf8e228ad260a25

SHA256
01e47a090337b9a67ebacde430a73b65bdeda97f1b0f459be9ead53b3f6cfae2

SHA512
0940f978e70bec4aa622170a76c465c3fb2b2f9210f49b1e832186fbaf3eca116ff695df6bce1cde5836a1250fcaf55a1c4de040ea149d2f7634880fc065a7eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2b5a7114c8395edbadb9a6f6f39ff30f

SHA1
f4af2881282ddf19b6c1fce3873e8815fc807fbc

SHA256
319b9d7896adef7de6ec4eb1e31ac54e63cfb4718ab253c5847f86072cb19907

SHA512
3eae4d9da45601b88a29269409513747ac29ead5f7ca6a38f28e164b4efb1f26d864247df63e99d9ba7a87bcf58e89ef2a6a31d98b14c2a40039bafaf32a89d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cab8a866d1b7962d4d6c7781be9bc1fd

SHA1
f19e8f0360284e921b1f54842e9f69bb2f38d01f

SHA256
d0edba58a8d4bf77760605722380c9011113e6aa08adfa374595b593b951432d

SHA512
5a46539a7c9a7df34e5cb0a35b583b9a2e42d0175b466e975685a8aebca0e90809af740f342515dd02e8039b1092e060852a6d28b0cd352a8905afece25558ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1df2ecb5f49e83fb255960ed96a22c3d

SHA1
f19704ad98101879b83161091c8a1c69e0401737

SHA256
d0078ac8848959104546493685fc1c7be117d7b1800549203c2092ec33d50a4b

SHA512
187a494ca3b7093c56781c408e29944dd782a3118d2d8d2e6dbd79d404aeedab194acecf3cbc4be0b5b27dbaadc4ad3bfe5ce026735e8d75d34b3794599b7f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6937c08cee9334259b787f545aedf63f

SHA1
06913f9660b4cd8ccd4678b2dc288115450ff9c6

SHA256
265dd76e34dc0600add532105f516088ff98507eb6740e14dff7b4e5d70973f9

SHA512
a69865b4902d04ccf744b4ff477929bbb2a9c2911e58c1b06bc14c0a9f9e4ae898c09af03f6baf7e9297b1fbbc6db1e0b33fd40ca31b4dcac751cb2034cc91b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
66017a401dc89a285ebad5c7bacb7858

SHA1
d73cbb84f343ffdbb18dcd737c30e9272e65b583

SHA256
442c11ec7e14cefaf81e08014aff8e8f446c0fa645cb2d6244505bc0404909b8

SHA512
806c5c056018bde09d4c434174e56071d2e193df01ec3706a68026dde431f52c6715ca0bf6840c5ba820198d08a28f7bf48232a8e5767cf53c6b813ea397ae21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
66e5b43931672bb7dd8c26a50679689f

SHA1
a5efb360de68be995dc1cdfa2a3b6a02fde9dd9e

SHA256
9fb717389fd83190b79a7637eba36decfbaac6323bcc2b907df2ba4ca4b346da

SHA512
948c89f80e2012647454ea6f84ac59be4e7effee9fb482cb93ddc9767e1ae908c440bb5a6fd4cc2cae0311bf01b7443e797c5591125e7dd9ae871a0c6f9aa84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e8d9.TMP

Filesize
48B

MD5
10b270c49e25b7ad4254c5f32f713a10

SHA1
eedb93033fab20ba00f2e8c31a30a56b66588180

SHA256
7f585a32e66bebc0d5ac3688d86f758eb38db3ca330831fb1e837390e12d3a03

SHA512
0b7d5c679bbef2f40d7fb2d2c4a02687b8611d54b162ca1b2367a7bb1bf9a56b737b2de55f077864791fbffa55677ac498ddb90b89846eea88b6d3e21c83ae67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
94a74fc402871085c34d01b5a3b454a6

SHA1
f267f8cc384a87dcfaaa37c1bcafac04efe624b8

SHA256
d8f1d1a6d3a54d86db2cdfb02ce350eb80518c9d4b99146bc39a3a38dca3db48

SHA512
a5d0203341279ba08a65de6678225a758cbcf57efff23a52c3e62243c9bf4348db967b6df5390ceb3fd543c1f933fee2d9582a8894f08635d6f8e07a505e2d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
b94fd10c79a00ca954be0631270bbec2

SHA1
d37e6afe933b0ac88eaacf02bfeede6e00fba5a9

SHA256
cf3a2906de8fdee7d48966f460390bf5826f08f012d421ac3ad48ae7f7fdfeda

SHA512
c3fb8b89d31fec229974e6f31a4db6293fa6922865b059d04da5491fb0e281c33bce6b6d1f8585b522cd512fac90fb7917ea6f3715987d76a43dcea5d14d4075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
c477098bf4a678d57f8fb95df5ecd38a

SHA1
5f17b11af863a6cfd4cdc7d411cd424f5f713f63

SHA256
927a6eb9ac6f345a9c93e32f7a4fda1f8d933003a01dc14a0637c6062b77958f

SHA512
65141ecf26266e140588422114ac4edc7e7abb4583a7ae1b1c9c43102d295222a0cec7fce449fdc111b0d7bd97066e32dc124d69c16198fde9c6ba9409a5c645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
64523788fd942e564e33d7adb8846704

SHA1
2f80769552b87514bb86d729fbb7cb9d4ffc07ba

SHA256
eb2153e0629deb2c5d7f8eaed21dd66bed6b2cb566aa88bd45bdf4796db47a8d

SHA512
f0ea8f666f96daf8ca41a708116992339379f270789ec221c62472ab834d33ada0b7521d11916b54d57febfba7f427ed8a2d528a0535f08845ee3d23ef22b7c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
c7d2e65e32383d51af138b02996681b2

SHA1
3987609fe729a1216926a67fcc59f768a2ad8730

SHA256
a20dad704617adaac775bfb56913e506bf7f30a814cacf1f8e9edfbe816df553

SHA512
efdd97b73d53f4e9793dc23f68a0ec84c753feea8eae8a5e0433146bf6ce101bb0ad8fcc2aa81575030f1a7ce25abef7c37ebf5f3d1dc99c28e9837eb7845f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1e498c77accc8e7cfbf12a75184f156b

SHA1
a68af5589e082c2ba4008422cd0138f761282698

SHA256
313f4c76c8fc47303f53448c310b5cbd4ce590bc231f6d9001f875ca376642af

SHA512
91059e80a23cb77d556b0625beaf040ed386e9aa00733a43f47fc61c1428b56b273eace6527088ade4ba7d32a76218dcd67cef0bea8547ecad29a934212d8f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
84a3564eb852d09f27f9bbee91705600

SHA1
1f30e0b4dfeb1e41565019a2d57c70d9b7454752

SHA256
04c681d9c018c3be44488d5cd3ea370406e99e972b1db6527be439950fcb17cc

SHA512
ce2d29cd018f5bb7b1c4374f9ca22fc813dbbb8c0ed09f36515e43a1e66d0a69d8d6a0fb5c304845a6124268908042568b693737141c8c25213c2bc0ea402b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
db00bdebcfeb086c17419b9465631c87

SHA1
fb0ffa0726cd4731fd3083d098510e850f78a19f

SHA256
ffd05d722c3406a3e903740963b275f7773a7098609309a306374f057a13b2f6

SHA512
8c68785b614132bf27469d4814b5caabf8cfc70a6aeccba12c8363932afb3576d1feea1dd0f4bca98b8717d07c2c3025d4dc26c670cbad8478d10b043f5ae6f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598d81.TMP

Filesize
101KB

MD5
8a3b078bdb36213eef009c2f092c172c

SHA1
cc954a6aa775ea9d8c4394140e6e93b7d9c3d0c7

SHA256
1f07b668b5616cb581b41c03bffe3807c6f711c27940c3ef19a8a0fa8ddc5a0d

SHA512
9f8e1ed380608198133599c1ee8f11cf6b976e2029b34b2425dc714b7a28810fe43864f7255bc0883a2f0b84378bbcfeec8f0a0214fabf2548f8b151b8122060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\doomed\24497

Filesize
9KB

MD5
b1f7fc635bb4a2e799588e4515f02826

SHA1
38f0907740a1bca82a2fd06f996ce5e53e29674d

SHA256
713f14805ef2a215d2787c2f2a4dabf003ce6dd535c8b96100c89ad7adb81206

SHA512
8356e4b5d7294c99a206e1f68cb40b6eb5305cc50a6a0fb3ad485fe63b1cb8f6e067c41aa21a2675f17d4e6342445b40017a4de6d295ee16bc44df9c1d9e3858

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
d4a3244fb1e403c07187d8f850c059bb

SHA1
c67ee514b45919f41ff2aaadf6754edec4bb4b61

SHA256
1c02ea7dee3c9cd7c43a66603ef10c9a9a075fb4c6d58703014c5580538ae40a

SHA512
f9175b37427eb12a06475954fedf9968560c1393a342cf95d993d48ec17471d87c6497e349d8f147dba14b623f86055706a8a18f255de7f669ffca78fe222d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
adaef5975533c11940fa44abb25af170

SHA1
7ac7c4a866bec16ca835b0e003b4f3766ffa8def

SHA256
9fbcdac27cfa76966acf241c6871217e3d9bc9ffd7d0bbc89d5cc274e30bce79

SHA512
7967295b705fa6a00f1096c8440e55a68812ee324594812a9a36b795b4c925f758647c5932440e852f26274ade86d1493c347bf9f42466aaf488077181703e28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
0608ae940e346d41306a0d6c7e974b00

SHA1
c4da4d29d707940ef2eb52014e3d72f622b325f4

SHA256
a1a3f4ec31e5672ebe4fc0493f24b208874b6b7e445fd145f5c85471d18f9263

SHA512
2c41d6dbc74f57302ba40e235a09e5ec0e2ade06d93d1157fec5b61332fc24a5450afae0feede8c82034753b8bf919ec171eb7a32f5acedcd6960e0ea916cf98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\bookmarkbackups\bookmarks-2024-02-21_11_eAxAL8SpFfZxWj+8QWgDyg==.jsonlz4

Filesize
950B

MD5
6c53fd868850f42922d96824d8a5d8b9

SHA1
2f1a931c418593cc66c10c53d2a9fd52a76ad106

SHA256
4b24e064ccf3cae7a9fa10520afd392c7782d2ac2480825529e9c9d77b60d470

SHA512
65e938acd9cb2e7cb7d23be342a128154b3adf4fa56635c021ab3df4a9e65a5604c5e9dd645d950e060291ce69dc3bf5fa019c5aa77133a26a4e87cea73be3b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\broadcast-listeners.json

Filesize
216B

MD5
2031ea93e91dc4f25045f463e04577bb

SHA1
df75a51a9aac83792ba63bb74409800fb01e6066

SHA256
00a59c96b9220e9772b96ec1f551a34dfbf77d4ef2940c6cb198e24747b24d05

SHA512
9c1806684b10050930fc287b6a891b445c0652ba10d0910fc2e84e7e52b840560ddb6185b42eb5e478261722c112b31b35a0042421a8c1b237176a2f95ca392c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
8c33ed4d66c3a2ad02e5f52569f8f7fd

SHA1
96da817f288b1336d882b3cfd40c621704fc4d29

SHA256
84d672468382d2432d8cb7c4e3eeb1fce922268fc32d387e260ae34df3c03fd9

SHA512
a382218dce7a47a0368d9a138bc37b5ffcd461550af2fe1cf227025e617b2ad78e0e3caba7556abf96e050f1f652e4ce723b70a9cd8e786aee9e9f6a91b89513

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\79003208-d73e-4660-b348-161101500997

Filesize
11KB

MD5
4821947f5c45e65c5f0a52981842e139

SHA1
b6e35c3b8ae936f402d1617dee8ee734cc7fd2bb

SHA256
1f2b0cbc72c5f6f2c3766e1e921fdabeafdd434d8128534050ae41dbce30f791

SHA512
5b1488c83603cf047cad93cdbccbe7167ebccb8e663348b660ea6ce597954c8acea3416cf3024ae7baf0dd9c564375ff812cb5ebfc1abf396252b1754f341cf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\7c3b1b45-84c0-4d23-b679-4787a0d718db

Filesize
746B

MD5
987410cf91ab8e7e27b861f1ef17bfe5

SHA1
2e1280d337a1db2bb89516b2ad6c9b2dde35159d

SHA256
3e7a7501d85ea8c380871656eb1562425843a8bdc08d4351f8536ae3353f8666

SHA512
1690ca5a746e0ca9a8dda5b81ca7584d83f583babef10b43dd7f8842e3a20e0244cf177cb9f94ec88299b304373ff347f5aa01db72b27745eb50b3c89a9a05d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\extensions.json.tmp

Filesize
34KB

MD5
44d7f3ffe8b2af9821d692fab4cb4eb0

SHA1
322625beeedf2923fd5895d870bfc68d31bc06df

SHA256
07ce389dbcc997601038463d256b74cbf03fb8173933bee6ad738b48c69ed265

SHA512
78ca9d28dab421d664c223b0813c239fd607b1b08f80917882920571703c13891785ba4af23e145d6a19c8f8f2bc4dd250b5ffc331ddcb042c0d995cb1b8ac5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
9KB

MD5
c406ca02c7a64ca0886fffb297884aaa

SHA1
27c730fabad5d28d07b026e316b37bfc54624991

SHA256
ef1be749ed21cfaa57b51e2c2241964228d2b0935bdd4fda457f187f32052b4f

SHA512
b09ff3976ff20d1febad6812145fb0548ffc95b2cedc1be72916b7e37fbde8b67d0a5ec2e2e569ac5e97ae049aacea4dc1a53b8e8d7e88e9cb4e5c3f07e3e344

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
9KB

MD5
ba60ff0d3172b2a88f2bb49a1de8096b

SHA1
94a3f48868275e5a1516c4ca0f27332c5af2e472

SHA256
271106a85e57736e6105d17519bb351878745592dacc1ab2fc92dd8948941865

SHA512
581b7f2126d0ef7bd513763a5f20f82c1e860f35367f1fc7da23c0148426c657a9641b601bc376c8b1cc9489cf98ca446d1494b34fa20fee496a4e8f27b1b4cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
9KB

MD5
82720b9f7c492256dd3b0b60d66d66f7

SHA1
3f7e5dc3f5aaffd6f3e66c6a64c9341399adb3c4

SHA256
dc5881f73402fb367794f6c4ecd1c5c4c3fe1a71a434afebe30502cdef24153b

SHA512
80f46d3e17acf55b88910425c3c3f71549e7313db8694e3a8a317e1bb1d557274ddb4a8e078712d28cf973c4460f3a1810183bf2e1bec6f2fbfefd9bb5250049

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
7KB

MD5
db9218d196a69a24bd21bf4903040f1c

SHA1
16e124f283e0cdfbee822d7e0f526ad3681314fa

SHA256
c68105ff785aab25095f6908f02c4ae6eebe12281c74b35b374ffd94d3340973

SHA512
23786f2ab9688145a8f9057aab6f1413bf5b0e184e3bbe1359b81b1a856be038fd115cdcb829efa003f55363b7d176ac6e18f8c59a7210ef24d99b139750d321

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
9KB

MD5
4d7dba5edcfe8e559d0c557df6cec555

SHA1
dee2ad6be126e1da2b55fd46d4f9e9cd161ac254

SHA256
44937725acc2b50590967d0a75633e8035555df599b0c7272515f4ae461bea5f

SHA512
156e4bb65d55e0ca0c8b92605f20611eac591567b59eff87911bf35cca5346529b6963b633e654b58c4277615c3743767cd9666d35756d395b9055e0d37717ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d87cde9b31fae7d331ad757603684081

SHA1
9bf24b56ef4d8808a1f3a8fd143e410c1278edf3

SHA256
c5ed76d43cc16fff6bfcbc8b11e282d5fd6dad69c2fbfd765ad613ad56eb2fe6

SHA512
42587527e9c9263766864ad1a1831448efc377df049b745e993c133bd1922acd1fe84d24c445ced8299496d9cd105dea96e46124eddf8e6ff88d1ecb6b061dd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
3f6ed9b92af83815c141d2592e953e2b

SHA1
7e9b7c5e4cfb403383eb02ccabbf444bf4d243ef

SHA256
0750a62fd0a2937f60d9a907a79b6018d22aaf74a07ebab7cc50520e4724e4fb

SHA512
d2cba85b589788570ba8fe0a79a0d905782787c02e2c000a8ed1ea0a846cda7f9a4c2aff0bf1f07d062892242f38ae6ab98cd8589df24c3ba68abc453923b581

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
85c71dcf51fcccd1783ca771a90ef60a

SHA1
4ffeb560e9528e87defc49d25b9b9743a643c204

SHA256
24f1ac4deabf8cba0afd7bcf0ea89306042b63976f1baf87a986f827a4464be9

SHA512
4001f074c92c77195714a4759b42119615a41b51fc1ef003fdaf69427433810e18491f7b497ffcf8a8971d003516c3c696de465b9550f0c21dc854ca8c75fca3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\targeting.snapshot.json

Filesize
3KB

MD5
44acb98da2ac84b57417835eacc4df7b

SHA1
81a1e6ff988bda70dab8cdceaea13e358aea8de2

SHA256
4fb05014577e174ac68333bf524b3982e0ce4876916a8dcc41e0fa979e25e786

SHA512
9ee23282b3360d108506b108b23d3211951c2faf7435018a70d0b5f0fd5ae942dd8c202c2a6ff220d30730c7e3db1866acfeff81e0891585eadfc6f5306a73f6

Download Submit
memory/2520-807-0x00007FFC14440000-0x00007FFC146F4000-memory.dmp

Filesize
2.7MB

Download
memory/2520-809-0x00007FFC12F70000-0x00007FFC13082000-memory.dmp

Filesize
1.1MB

Download
memory/2520-808-0x00007FFC10ED0000-0x00007FFC11F7B000-memory.dmp

Filesize
16.7MB

Download
memory/2520-806-0x00007FFC283F0000-0x00007FFC28424000-memory.dmp

Filesize
208KB

Download
memory/2520-805-0x00007FF656560000-0x00007FF656658000-memory.dmp

Filesize
992KB

Download
memory/3304-3193-0x00000264E4500000-0x00000264E4501000-memory.dmp

Filesize
4KB

Download
memory/3304-3187-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3185-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3183-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3182-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3181-0x00000264E48C0000-0x00000264E48C1000-memory.dmp

Filesize
4KB

Download
memory/3304-3186-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3184-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3165-0x00000264DC340000-0x00000264DC350000-memory.dmp

Filesize
64KB

Download
memory/3304-3149-0x00000264DC240000-0x00000264DC250000-memory.dmp

Filesize
64KB

Download
memory/3304-3188-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3189-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3190-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3191-0x00000264E48E0000-0x00000264E48E1000-memory.dmp

Filesize
4KB

Download
memory/3304-3192-0x00000264E4510000-0x00000264E4511000-memory.dmp

Filesize
4KB

Download
memory/3304-3195-0x00000264E4510000-0x00000264E4511000-memory.dmp

Filesize
4KB

Download
memory/6120-823-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-812-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-810-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-811-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-813-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-814-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-815-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-816-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-819-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-818-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-820-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-817-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-821-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-822-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-825-0x00007FFBEFA70000-0x00007FFBEFA80000-memory.dmp

Filesize
64KB

Download
memory/6120-824-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-863-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-864-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-862-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-861-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-859-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-860-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-858-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-857-0x00007FFBF1F50000-0x00007FFBF1F60000-memory.dmp

Filesize
64KB

Download
memory/6120-829-0x00007FFBEFA70000-0x00007FFBEFA80000-memory.dmp

Filesize
64KB

Download
memory/6120-828-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-827-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download
memory/6120-826-0x00007FFC31ED0000-0x00007FFC320C5000-memory.dmp

Filesize
2.0MB

Download