0ecdd92a721b2a7e949bc5d494af7613b6f8a6b7a703c812f440c76b6ebc5909

Resubmissions

06/07/2024, 07:55

240706-jsa4za1fmk 1

06/07/2024, 07:50

240706-jn78xa1elq 6

Analysis

max time kernel
113s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Size

4.2MB
MD5

fe944c726c469f3eeb880b4aaf4905e5
SHA1

6f41ebeddd3fa98c6c9ee10e3d0a91ea7779a079
SHA256

1f46e752ec127c6fb7c2ee4a6a049af0fa6881763d7a3bfc356cacd4b95afee2
SHA512

0e7bf1f297fa2e62bd9b91fefcc1fcf04324ce7c42e67be57bba45561cf04eb9d83e9148a9f77b4f329aa693eb22c0b9afa199a135e724dd9321243856ab6c9b
SSDEEP

24576:SmxjqRSaoJDkgRIGsS9JHRQMEToXW6OTWEkkk3VdZdpg5NbJbVT8nxI2QbYD:SMjh1BRnWQdZybV+qb

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\V:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\Z:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\B:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\G:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\L:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\P:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\S:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\E:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\H:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\N:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\M:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\R:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\T:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\U:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\W:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\I:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\J:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\K:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\X:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\A:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\O:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
File opened (read-only)	\??\Y:	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Control Panel\International\Geo\Nation	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-771719357-2485960699-3367710044-1000\{E0823906-6B89-4025-9FB4-AC701B7F3744}	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Key created	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
4224	msedge.exe
4224	msedge.exe
5800	msedge.exe
5800	msedge.exe
1436	identity_helper.exe
1436	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeDebugPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeShutdownPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeCreatePagefilePrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeShutdownPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeCreatePagefilePrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeDebugPrivilege	2284	firefox.exe
Token: SeDebugPrivilege	2284	firefox.exe
Token: SeShutdownPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeCreatePagefilePrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeShutdownPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeCreatePagefilePrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeShutdownPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeCreatePagefilePrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeShutdownPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeCreatePagefilePrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeShutdownPrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeCreatePagefilePrivilege	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2284	firefox.exe
2284	firefox.exe
2284	firefox.exe
2284	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2284	firefox.exe
2284	firefox.exe
2284	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2284	firefox.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 4292	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe	86
PID 3008 wrote to memory of 4292	3008	217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe	86
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 4292 wrote to memory of 2284	4292	firefox.exe	87
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 2080	2284	firefox.exe	88
PID 2284 wrote to memory of 1068	2284	firefox.exe	89
PID 2284 wrote to memory of 1068	2284	firefox.exe	89
PID 2284 wrote to memory of 1068	2284	firefox.exe	89
PID 2284 wrote to memory of 1068	2284	firefox.exe	89
PID 2284 wrote to memory of 1068	2284	firefox.exe	89
PID 2284 wrote to memory of 1068	2284	firefox.exe	89
PID 2284 wrote to memory of 1068	2284	firefox.exe	89
PID 2284 wrote to memory of 1068	2284	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe
"C:\Users\Admin\AppData\Local\Temp\217ca871-03e9-40f7-bd5d-dd7bb6151f7c.exe"
1⤵
- Enumerates connected drives
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2284
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.0.111856131\850448053" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b519c79d-8dd4-499d-a14e-0d35ae189806} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 1852 1cb97718758 gpu
      4⤵
      PID:2080
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.1.467422122\1592901000" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81999e51-1276-4ebe-bd00-0783e474c100} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2420 1cb8aa86958 socket
      4⤵
      Checks processor information in registry
      PID:1068
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.2.2052343340\1921466809" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf3dfb17-1d78-4812-84d8-4c037df1556d} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2972 1cb9a607e58 tab
      4⤵
      PID:4564
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.3.353806077\34122912" -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9120b35-c6ad-4c16-a2a2-f051d313200e} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 3676 1cb8aa41858 tab
      4⤵
      PID:2496
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.4.90185328\1188739000" -childID 3 -isForBrowser -prefsHandle 5124 -prefMapHandle 5116 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f29f0de-1516-42a5-84e4-68d91eb49d3e} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5136 1cb9d1c0858 tab
      4⤵
      PID:4348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.5.576301224\1913067470" -childID 4 -isForBrowser -prefsHandle 5292 -prefMapHandle 5300 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dc4c756-67b1-4f84-8ad7-ecc341ae630b} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5284 1cb9ee57e58 tab
      4⤵
      PID:4800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.6.1236152150\1087126406" -childID 5 -isForBrowser -prefsHandle 5444 -prefMapHandle 5268 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd6d361e-e1dd-447a-8432-4054786120b4} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5484 1cb9ee59058 tab
      4⤵
      PID:4264
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.7.1571766460\1890225543" -childID 6 -isForBrowser -prefsHandle 5880 -prefMapHandle 5876 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f95e087-7345-4782-915e-ff8ad2ed3bee} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5892 1cba06df558 tab
      4⤵
      PID:4664
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.8.1439944205\938923576" -childID 7 -isForBrowser -prefsHandle 5708 -prefMapHandle 5536 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c23259d7-cf26-4c76-8a13-17ef84902212} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 1472 1cb9a607858 tab
      4⤵
      PID:1680
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.9.1487121926\124104893" -childID 8 -isForBrowser -prefsHandle 5560 -prefMapHandle 5448 -prefsLen 28262 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09abe62e-11b0-45ad-b621-ceb0c5fad905} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5612 1cb9d4a7858 tab
      4⤵
      PID:2092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.10.1585854636\663139992" -childID 9 -isForBrowser -prefsHandle 5572 -prefMapHandle 5480 -prefsLen 28262 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64a6357f-5ec1-4157-b58f-1152d89c9602} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5596 1cb9e504d58 tab
      4⤵
      PID:3612
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.11.1425255027\709518745" -childID 10 -isForBrowser -prefsHandle 5644 -prefMapHandle 5888 -prefsLen 28262 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b66a2ed-58d0-4547-88a5-775790a0b656} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 6088 1cb8aa3e858 tab
      4⤵
      PID:5400
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.12.226346390\1839755691" -childID 11 -isForBrowser -prefsHandle 5072 -prefMapHandle 4520 -prefsLen 28398 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2e6fa73-1747-4ac7-bc73-b2cc06bbd85d} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5176 1cb9ee58158 tab
      4⤵
      PID:5840
- C:\Program Files\mozilla firefox\firefox.exe
  "C:\Program Files\mozilla firefox\firefox.exe" https://zipmatepro.com/thankyou?tyid=cc92ac49-033b-4bdc-8819-fb26ee2045da
  2⤵
  PID:756
- - C:\Program Files\mozilla firefox\firefox.exe
    "C:\Program Files\mozilla firefox\firefox.exe" https://zipmatepro.com/thankyou?tyid=cc92ac49-033b-4bdc-8819-fb26ee2045da
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4424
  - - C:\Program Files\mozilla firefox\firefox.exe
      "C:\Program Files\mozilla firefox\firefox.exe" -contentproc --channel="4424.0.1603612257\802342182" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22750 -prefMapSize 235168 -appDir "C:\Program Files\mozilla firefox\browser" - {3216d683-954d-4890-93be-ff8dcae0ec73} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 1868 1426af1e458 gpu
      4⤵
      PID:2268
  - - C:\Program Files\mozilla firefox\firefox.exe
      "C:\Program Files\mozilla firefox\firefox.exe" -contentproc --channel="4424.1.1908035476\1097729914" -parentBuildID 20230214051806 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 23601 -prefMapSize 235168 -win32kLockedDown -appDir "C:\Program Files\mozilla firefox\browser" - {08c8cd7e-e191-4eda-a5da-26746cbfdd49} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 2460 1425e18a058 socket
      4⤵
      Checks processor information in registry
      PID:4368
  - - C:\Program Files\mozilla firefox\firefox.exe
      "C:\Program Files\mozilla firefox\firefox.exe" -contentproc --channel="4424.2.1769725295\541971026" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 23639 -prefMapSize 235168 -jsInitHandle 1244 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\mozilla firefox\browser" - {925bc246-dcf5-4498-9356-a10971a03a9f} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 2976 1426d6d6058 tab
      4⤵
      PID:5700
  - - C:\Program Files\mozilla firefox\firefox.exe
      "C:\Program Files\mozilla firefox\firefox.exe" -contentproc --channel="4424.3.1486440083\1802901472" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 28198 -prefMapSize 235168 -jsInitHandle 1244 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\mozilla firefox\browser" - {d0641e1b-eee9-4909-8992-2e4dcfee1d6d} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 3620 1426f86cb58 tab
      4⤵
      PID:5820
  - - C:\Program Files\mozilla firefox\firefox.exe
      "C:\Program Files\mozilla firefox\firefox.exe" -contentproc --channel="4424.4.972605528\510654379" -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 28198 -prefMapSize 235168 -jsInitHandle 1244 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\mozilla firefox\browser" - {c4bedaf7-e8c5-4ea1-b698-c17a89fdae3c} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5208 1427201b858 tab
      4⤵
      PID:5780
  - - C:\Program Files\mozilla firefox\firefox.exe
      "C:\Program Files\mozilla firefox\firefox.exe" -contentproc --channel="4424.5.1279443770\415051089" -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5424 -prefsLen 28198 -prefMapSize 235168 -jsInitHandle 1244 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\mozilla firefox\browser" - {2dbe9cbe-7fa1-4370-9c6f-8d5168b857b9} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5340 1427201a058 tab
      4⤵
      PID:5996
  - - C:\Program Files\mozilla firefox\firefox.exe
      "C:\Program Files\mozilla firefox\firefox.exe" -contentproc --channel="4424.6.651914772\135618843" -childID 5 -isForBrowser -prefsHandle 5564 -prefMapHandle 5324 -prefsLen 28198 -prefMapSize 235168 -jsInitHandle 1244 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\mozilla firefox\browser" - {d5adef9b-07a9-465e-8855-cde11d8c3410} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5552 142722f3158 tab
      4⤵
      PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://application.zipmatepro.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa648946f8,0x7ffa64894708,0x7ffa64894718
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14046631443378960830,13645408417002823248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b1242fcf5cf28992c27f30d5552e283

SHA1
2688b1e274eabaa876d1751b85491aa723748e29

SHA256
eaa5f6cb65cd3508191e3607e2f86b2e48b2afad6a0df6a46608fdd75355f9a6

SHA512
34e17f2aa4e5d23c924213eb7d3922f1080c10515d3cbd028f971005f687663648fd1b4b4f330dc5a35611ac7c9c186fe6c4e022d72c4850c5166445689d4f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa70999d075d9fdc7d65f947451d128f

SHA1
121614b17de67cccbe49fcbced1a4aa12862eee1

SHA256
d39204c959c8505edc6cee37fd6040b427ac4df035b702d896d1986397b4c4d5

SHA512
b08f1a6b91242014f545453e38f74e4327bc794275b600f7e0a2cc4f927941d036cfee2072a9b00a8732fb1faed497bb1a29ea4750367d2ab8dae9800634159e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1456708da2f45af642ac58f70f7abbf

SHA1
e4ad9724d9585e0bcc3d0f9e770517594fe918e5

SHA256
25e11125f1ba24473b85d2d80cfc51e9f2e0385d202371ade378f76730b06799

SHA512
694267e1b13956a3909d361984bb52a5f3522e2182606ea925f5b1c28da332d9dc259ab789b8378ec2a1b4f65c97ff5e2aadbe17a5b18d56691c3c9650deedac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
902b968e888af12d2ba5d4270e747ccc

SHA1
59864b1010ef2ea8f9a8a516f6e6b79258066ed3

SHA256
beb21c14a409fd47110ae58ffc89f7cb14fff9cff9a22f87b49220abacf4cd35

SHA512
aa3348bdf08c0cb566bc6910978dd931b168896334267cb20fd92a486e20bab93ce55868bebb3aa6db23c66f412d692cfbca9048b19b4b1d9fe728070e76fc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
bf26792a8559ce6c898d11628d0d3240

SHA1
f1933d60374d644e3359b2071231c0423d9bd3df

SHA256
3048c0193b6672bf748b1b72a5197ee59d06bb87cd4cc65098556e88978bb998

SHA512
60d01076f8ac3c19fa0c57412e639d7aed67bc1877e0408dca528985be9dd1fb4ab9805606356a4dd064f372b4f24f42049dc526a0c85795b94725bcba626c2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
1e98d1649918b9f8c65539c46de497c0

SHA1
e4ced37491db0bae8b1a962ddd315a37997ea6ac

SHA256
95fed4685aea3120c1abc4d49df947b0564f38a7b2be56c543c1f2f076bb3e28

SHA512
cc85322ab2ef47da60afe11b31e79fc20ce9e74a3ae0421ef2f5a187121673478be2f1894b8c6d6c456e6e59cf900bedb503083ed75a09a1c76238202cab8a9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\doomed\13059

Filesize
227KB

MD5
a3c46943dd233c57c2ffa0338720d530

SHA1
daaeaf3c514a32d1aa4e73ec47cdc19546d7fe68

SHA256
3303d3fcd65e38443b3842550682c897b3451a7ff5d5076212d18dcb8fff6413

SHA512
49e4bc68f59eb1a6d8327cdb8d854a5733834790fb5939ed1052c21e591c330fc758052e0ce9e6d6e1f2b6e6326cab5edf7d2bf6527e198034a947e37e476618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\doomed\16550

Filesize
9KB

MD5
3a9cabeb83f4b70734441e59752fb623

SHA1
e1b2baf7cbb7e2db196e9127e44b959c26360d8d

SHA256
3bfdfacfa6be45602097b4a0c639605f1d93e776afdd09b4070f706b0cc73697

SHA512
f772f264a3871cc100de0916392b6f04e71326e5b07cc8765169ba06e8d5d638600517f8ef938f98b9ac4bf4ab98087f845718573eb3397cebef0e70dbb65aa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\doomed\30172

Filesize
9KB

MD5
b3f8fc1d4e7a21c6831904e83c6464c7

SHA1
ef252e9995021d9c0d60f00cfbe406763c27e820

SHA256
8134d08735ef4e416f5e37b6b078e5ec1b733877b32dfe6ac45d81fba8ad7b4c

SHA512
0d0116c90bcb83acd71195d887e7514aa3f11997d60b9e4b94c6e78dabc424b23290812c7cd78956d3ea7a80af2f9ea25c056859424dd52cf1518a7e607b2657

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\entries\20C6B873D37557F398807E757D5D0A1FFB422340

Filesize
403KB

MD5
4cece2bb6c59cb1c6634a7ae867f120e

SHA1
737fe556e96681fdd185353c35ae13b884e8c113

SHA256
e1b054c49b94dd07aec7222d1eaa6ff0a65a698f3d99151e8f185e089af3fe0c

SHA512
a98bebf16b504ff88351d0d534e881f4a2962cdd1dcb0c7a5f598b0b05e3db6bd7296f93d1aaeee75c10da5f054dd42c5ce2ab1f93ddd231f81cbf2fd95005c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
5de112e37efd87d5f298bbb80bc79648

SHA1
f620d2312faca16888cd0704775584db405f4799

SHA256
7bcfbb1d303055f39112bcb3705a020c61ad7fa7a6b363d0fbff1684dba0f90f

SHA512
cede4dfcb040bbbf6479ca8d28dada88f6b5de1e5b207a5a48514b0bfb260496cddb016c6d0426cf53e61caceeb186d34c746c0e6674814a6aebabfab1b9212f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
e86c26564e778cb8231f2dcd4c5d6539

SHA1
ba90d74f81326808560f492653ab7d9717feb9e5

SHA256
9b2b78bf527f5f7ea840c57bc8e8e2ee0096457d32ca8f86b40d69e3de222a60

SHA512
7e5bcd37d8ef2270273428e6378d9fb90b167b5095ce7ac9ad4081cd1acf5592eb458c8f0351e2f7dfb2eec3259604a78919f16dc97959485b79ea0f270e2124

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
c32de96c62624f185e12a50afbdfa8bf

SHA1
268a02dee864e3e499ee0cd477e57e09c7c28d5e

SHA256
795dfaf7a84e69cd87c11d405e8627f27ed90e8fcb0af9b767975934cf2d935a

SHA512
83a7569018ad298af3202bcca20491f5ffff53f7c0ba9cf9c7f546a0d43570e3c0d36c129cf60c970103358cf4e4227b504cb9280cd9d18f8d2dce3cf335d4b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\startupCache\scriptCache-child.bin

Filesize
465KB

MD5
b54b62e24e8d35c181683816515fa4a9

SHA1
ca201b76bc93621bdfa5aa2ce8e440a416c0d2bf

SHA256
cb7bd42837ba12ed0a24e4968d05d860171944a03be21b0322db5c955454e902

SHA512
4b13c6b4580a19767f8ba782bc9db627be8babe24e758db6fd57407f3c697c6de04bd5c35f5694a0bcf424a2e1d902d467beb976552e120db4adb4bbe1eb4459

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
187a45f2a71cdb1198f1713e057ef02e

SHA1
6cce6d5ccc8597c81adcbc60c370e2628e8a4da0

SHA256
9b5097c1ab85bbd0cb29c9e4aad9524be678155e5ed03f3feff05c72f921322f

SHA512
53f113f8d2623095dc08028278595b96701d212b6f485a608e37fa40eb94e150934b13fc180381275729b7404adfad6e7b7a85c09d760aadddb9760613809295

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mate.Assets.ZipVideo.mp4

Filesize
146KB

MD5
1c1ea327ac5318f622523dc8668c1f0e

SHA1
7f660fefd4bb1fd050c36e1f6de2cf789c372a97

SHA256
4ac24f78ffe5cf18d675e99b774ec2b51b8f47e9a87195b6f7df7aa6207b3f00

SHA512
674ffd4e54da114e0860219473e020c7874b225c43787a57f97c2b5766425a3e99aadd83e1fd2edcc10465bc04e443e74961263ed54bc02fa50f8c14318d5c9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\AlternateServices.txt

Filesize
1KB

MD5
828c750fc2263cb5ff600a798f56bff8

SHA1
b8a97c1254f9cb806dd801dc969b2c7ee0abfef0

SHA256
c3ea840fd14594beae2b3efc6f32d1b510070cf81bf000bdd33fe4bfc63b21f0

SHA512
f9c51b8f846879221fd49fe40e98485e3f0a61ec871f598c226747724cdcde58e8416bbdd986a6d8868443f6f34edf5d2be53c255c0f75c18aaddb151226e477

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\SiteSecurityServiceState.txt

Filesize
518B

MD5
71e864ca66cdff09177005758426f2f3

SHA1
5239c527ffd32def38bab54f3a00d85677235f46

SHA256
37db60fe036c34f830e1f8fa73f8372ec2d9f648c8f09acbac65e0e4eb0912e2

SHA512
99afab27757ab46d21ff2b84ee353b3c40c0000250ba33092a2edbab57f5b4093a097ac1b698a43a1e61036216d9c2086ef889ac320b7feb3feb3d215e21cf66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
23e5df3d0d5210f6974ffd9effc6c228

SHA1
679b058f2a06aef811699b0d75d2997e61faed3e

SHA256
1a6a1a528b8bd011d50759432677a2e99c22960bce54f8c74390958684cfd003

SHA512
88876d5df5a0f2df941eff0b7a1798d12eecc5aa8f94851779e35a4f9bdd40cb7cd1c48a4cb64a53ee849dc365b2f3fb12ff7c57e486450d9ef5361412181ef7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cert9.db

Filesize
224KB

MD5
ded1f4c32f02d62480c53023a2c8fb1e

SHA1
70bac6ec3dbfb3b8ff396ce36d297122b7d66799

SHA256
166d96f4853335bf62197f14b942233ddb53918c808e1bd53c0015ff16b5142a

SHA512
50c7e43679f1594b56e49bc289aa7ca83541c363f742e1c04eccfd15b7fc7a4bcc1ebea89fb86c9f7e8c2b87f0850c861acf8fe8c29b6d500a2ae69da102fb81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cookies.sqlite

Filesize
512KB

MD5
70462a578b80851affded2500e7f40bb

SHA1
07a8046fe5b84dcc81d5e4604613557f67a0d9aa

SHA256
89fb44374b7362045a077427915de3de39897a81dd9ebee8f366d4ac55dccb36

SHA512
b196b43bfa063584250d7c2872f0909c5dadd80581e5fc08c9469c9adfdacd64b6da5e7ff19709f82aa7a9d8a9afb35bb255ca423dc54f39f79228d9dbed2fc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\datareporting\session-state.json

Filesize
162B

MD5
b4848c6ab18e4a74928febe9a093aba7

SHA1
4f6a6ec228074804951d2e06f70cf0253a00a7ed

SHA256
8acbfa8b37c4f502eb5bd5c411ca583f2e0d0bc9f0010e603c98a2a26ab444ce

SHA512
e202d57d1d48466498c6185426e863186f4b4a20a1717affa26de323192195adc318bd9741b86e28b42b821606b42b7744b0c9299f4b399612c7f4118dcacde7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\datareporting\state.json

Filesize
51B

MD5
3e32e2cc1ed028dd8ff9b06f50a4707b

SHA1
b3910351bd8e13ad1479db699cf6fac6544a5bef

SHA256
4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c

SHA512
4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\favicons.sqlite

Filesize
5.0MB

MD5
c57fed8dca48ab6571be28278dcb42ab

SHA1
70d3108d5e6498d902c8b887e8e648e868ded813

SHA256
94ad9127dcdb525300f3511e99dbbc459e9032891be6b4283143565cec4ea707

SHA512
a78a106eb465eb781c9c50f19ac2ebf7f455aee83318b94d6073cbe9514446017ca5a99fa75b65d4904fe1b496702c48a133c1e551b8bb2451f6648d02eec9da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\permissions.sqlite

Filesize
96KB

MD5
3425cc8db5fd31e21c5bd2a79e1167fa

SHA1
661fee6843aa42f1c5ee4b755744baea43b5915f

SHA256
911209f919c09407769455d6c74255b82201d1034bb78c90ff9bef32e0744937

SHA512
6bf347693022c3642af7e5318edf016d56e8e3928e50b1f90ee84c5901e8e2e03785e37c3aba812f499d267416f8d99aa9d961ff5533622ef0473002fdf18976

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\places.sqlite

Filesize
5.0MB

MD5
93623141be2044f3cf4a75ff0ed508b6

SHA1
8da711ed1f4ec12ab2304fee5097f84031049e2b

SHA256
214a84acfb7b96c113c4170d1c7e12149e42d1d043ce1a8665426995f029b629

SHA512
d82553b756d3866ff8257dd67850794ed7b7ec78307e4bbfefe2e6d51550dd32578c329f0ae40579646107185c8a2f5eb9ee63e84f2ada923199e24e87a0faf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\places.sqlite

Filesize
5.0MB

MD5
0bfef4a839ded12d07a44187ea2ff7a7

SHA1
9d0500edba881ed2c990f226248ac7b7c15234d0

SHA256
ecbe3eb515d136f0af12058594121414b5b8c359a8dd20918d8d04fef911a1cd

SHA512
ad069f9e11326b0d3567b5563cba74b46b39800af7b0831345cc6c2cd6b5db813873adeaa1cc5b2e2343a913e5dd5c197883f4cd4664d703629bacaba3e5e616

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs-1.js

Filesize
7KB

MD5
f10cc4e143beb25f5473cad587e334ae

SHA1
aa645903a8233f542fcfab80b860758a30542b1f

SHA256
1f3501249c416dde20e6e392a5abb39f3162c3bd10ade02c3f8819aed71a3d5c

SHA512
a6b91404d70337c4f881acae858b579c365d047807fd19d17741dd5e8bcca26c02127e7454e8808000234d429e3a48ac233c691ed642149e09e7cb9a8155adce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs-1.js

Filesize
7KB

MD5
3f1e968eb632e182c3ae87d7b7842e82

SHA1
4756e43ea28f6c2bc5f0c4b8fd8c183fe9045da8

SHA256
a6541846a519fd1b32e6455498dc5e1bb6c50bbc6a40f8bbf23235d596aa2ea6

SHA512
c8535c824e01705c4939d4dc8ae2fe5d935390b9516cefa458909763ba13d31c1c19914a8c9514294a0346d2f01368a3177b4e4a870be2c9799854aed9c08d48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs.js

Filesize
6KB

MD5
bb5f6e4f9c4a963c8ee6a5a5517891e9

SHA1
8825ed32436b926b679e5bf0ed85a566e80d1590

SHA256
2916c07d9842c8d8a629ef7651617de1e5c80976d11bd3d212881757dcaaa213

SHA512
abf86c04e2706af8a0b1b33e6ba5316e37171a32c908cdaae4392af5672f1d8c09b92c611bff07662c3de75b3ed321346a565dd6ceb2eec8470aef83959e833c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs.js

Filesize
6KB

MD5
f2bc889bd1852fbc20939f26390be081

SHA1
cce88551d5e92782facf77bebfd1877975028cda

SHA256
97acc7910a1bef45509d797ce6bec8fa318189dd34be6a1e5e7b58ce26c6bcf0

SHA512
ee351e8b7e596388045644e98a7d4d0afed0c98ec174ba03852c6a9471ec09d691051f65dc58b6f129ad3256d3dc2328f8b6c3201d7fbdb6936b322596b9dc2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs.js

Filesize
6KB

MD5
8bd14577a5d35a6d62e47eb9ee3d612b

SHA1
7ed985f7f809e620a70bfe4a252decdeaae6119a

SHA256
43c6942aefe67e4003809984526d5e976a268b0f706840f6a50edc2dcba106a7

SHA512
6a347aee7aa0e93b4b7ffe44c546cf813b68c1da451d50a69967bae54ed34e9ccaca6100e6e156a906e89e2f6772bb372ee51cae977277ccea64811c06568519

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs.js

Filesize
7KB

MD5
008670225e2b0261c89c6333c3f564ce

SHA1
84992f6a102b3ffdc103e7bf3939d59a5998b65d

SHA256
84a057e60a462dd94f672376e5a44d48fe30f1f108123084c8323c56c61fcc6b

SHA512
ff47c28031e25860381c86cdc16c822261672e2e5f24c46c6850f74e372c3436ef7aac41511cae1c4e3083be9757393c17f3f97602859dcdd495ee571890d58b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\search.json.mozlz4

Filesize
1KB

MD5
469898d7362f18c5ec342b767e58b5f6

SHA1
c9d354e05b6ea6a62d18b843b3da32a3243e6cdc

SHA256
ea5880947a6737faf36f254457d94e57c7d82ff95896fc4f0934c3c098c3f293

SHA512
aeeaf80e85a30ca962f12fee637ecef89c6e583c09357b82f1e2d9ff2976a2043064b0bd11312bd3059b57acd1fba8b9f319b6cecee6b1667e71bc81a0fd525f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
648ea624280e409ac3a7f120b5e9000e

SHA1
168bd9dd85eb0603e0db6bef23a0df64f916bf83

SHA256
ea208bf36fe4e150165db9ff5972004c6f468114058d6dbe5d0350f85e8fc08a

SHA512
49520e85cd86cdb0b9fcefecaabc99ba3915ed5ce0b622ffe752de94df6d1fbf3f2fbae13ee18397b32477aadfb23280e42be6f92ec1c74feb4f246c60eb7e32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
df3b032891d40be640f64ddb44d3b63a

SHA1
b215eb0e7871987ae48a467ca3bc3135a37e086b

SHA256
062b24f1ea4c7b4541f9036063adf2242435dcf60f0e1fb3b34b1ca84ec44eff

SHA512
007a95024c6e277125930263a2346808a1c4f00aab1e67acbacbc57ac2bd9f881eeac43ef51e72f979cf412240c80f744372ebd0a9a01e30fc06292be21ba0c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
57e9d53cdb0c2b97de316bbdd57e2b70

SHA1
e140edc6343ed4f4671c31c93e5efbe2df7e49c7

SHA256
447033b37fb856ad66f040609a1aecfcbfa721e02d71e6ab4a3b6beb471c7f34

SHA512
226cbbeebcb19e4dca136ed696a71a3c1f14799784393166dfd7f7e999458d987bb6ddcd539b88400b0552c8b7232ae8c6bbb520bf438aeac23d54bba9b5bb41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d9d268a1a5425674d2c7d22c4ecb065d

SHA1
347c22cd83280816e20be9cbfda9243a350f6f20

SHA256
9f864630862f8fd6330abd1267d5b20c769ec0acf04b1538c9d16a9266831957

SHA512
816fa05d5f2439a37d0f89f3e0328c947a01a60519d56b77778be3427e4b475fc5657df35b4851c6372c6b5f0aa027cb4a68bed21d5c70bc24223ac1a89f6254

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
feb553c18881c8054a9e349e9db6a50b

SHA1
a5963b3dd538f044f5b68701ab840fdb2d83b8d0

SHA256
14e85de2fc60ba615dcb5930f23a4ab3e9a0779ff3ca63df8874108cc698f06d

SHA512
5fd08297e383cc87016300d87428990bd16bc9b932e139c866952603be16ca6f7579998af684ae5d6249c94a42c59bb93b60d42efb38f90b307798b7038d2c67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
147f0dc8931fc2845543b99e1e12c1e1

SHA1
b44e30c17a1f61824f7515c094880fe4fb13cfb5

SHA256
cd09c686b7a8cd07479b439f2da9c89c033c875c885573add2e5a568d6974541

SHA512
4ef9d769f70b4641b243f3d7540269c25df3907a64c5b58b18a200dc4a981658b730b6dc46b5ad6dcde17ef310872ee7067307cfa092ae5868ac1125878342b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
8c67dfdd17b2d26315024809e29c13e7

SHA1
90e7eaae270964bdc743d62c884f731996b3fe2a

SHA256
09f9db557d379ca5e0c24785ac696823b01d22016c71d48d25379d13009a435e

SHA512
50c8b590831f287640809d7913ee1667992b06b695cef0371d3518d99c719992205fea58efdfe418a15f6ac24ee06e348955029e78cd0109fc5caec7789b5fbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
384ca7ce2974d9c4b092c9e15d15bbe2

SHA1
15ce733b997330ea096419864bb10ea05157df80

SHA256
5063c9c8178d7594910f9a6074306f206ff92ee6c240006776749f55c08128ec

SHA512
6afc4b0bd217399459a00ae3d3680c3085992b5924159f986aea09985e0e37005c1d33ab469a04512f29171eabd72e329b89ca2cbfb65a028e92a971784ab91f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\storage.sqlite

Filesize
4KB

MD5
8ed7226092e677448b28c9117544869c

SHA1
22af71bc94bf07c833ef43eb560350f20756bac3

SHA256
1e345e755b85e9927dd7eb25abe7e83805f8a252ce5a271b5724fb1054c8a85b

SHA512
65e312ce3804ebd169fcd09ac13eb8d91ee6ef7b7dc0ccfb73e0d132984262a24b3b3df1d7163f973ad30bcaedf0ea846f51e1cf4f9845b3c961de39324bb111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
62B

MD5
a16c9b0bcf7f9e3f17a29f47877f8eb7

SHA1
815c76e08c32cafdbc0081bbed77469e1156018f

SHA256
b50fdb69c0153e0137ef2888dfd19fa5e263012ffd64eaeffa95e1103d930059

SHA512
85cba67618c43906be94413af6ed6f06aa1fd0145889cc2dd03297cd5c572c395ee7fd8ba8482dff827938ad9ac3519e633b24456592b2bdfbedb7bb5b1c00d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
cd4a95a318587ce800fff845aa75b8ac

SHA1
613272b60c3a91a9b5fd7b2931bd295a95de30f6

SHA256
bb7fc74d8df01e39a792fbf2da0ac59f40379afdfb83485a235890a50d218c14

SHA512
6a08063d1381425f57ade714614d316fe0eb054e170c1771b36bfdbfc326a173ae61863b7769935b456d0f5a81425ef9f2c706915ed621bd867d5eb783a0e7af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
e08930caea3e76acb513dc6c31552ba1

SHA1
0dfe95c2ca60de9a6f47299a8554edd5f1b13f32

SHA256
4232ea6b4e043d8db1f6afc47a05825b99fed898d960e82422e9b97c798adfb6

SHA512
8247945387d2b1f30c6626b202ec18fb77678c89d50473fd2877b66a46a6eb08ab675f344d318cec65a4fcb874510cab7e47f5996c5c657ab0d7b1b20c56ac8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
1468a759f39a691d5b28fb6a13af5c63

SHA1
f40c059e394ccd80921c8150793a39abc8b2a63c

SHA256
3194b063ec171fef5f370881b8911e3bc31520f2c4f527d3e76e18c7fba12e49

SHA512
c186331dfd790b245b018290b624149a4e99ec8a1164177c67afc6c00d47f336cf2a2655910e7957c5fbbdea620ad4fcc721a2d0a805d276da42cb51bdaf7052

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\weave\toFetch\tabs.json.tmp

Filesize
10B

MD5
f20674a0751f58bbd67ada26a34ad922

SHA1
72a8da9e69d207c3b03adcd315cab704d55d5d5f

SHA256
8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792

SHA512
2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\Desktop\ZipMatePro.lnk

Filesize
1KB

MD5
0aa5b9d71d014453f06cabac006a5259

SHA1
d065f4fab0cda3f1a5b54c4fddb290a2b747ecfc

SHA256
672653ef7ae988d5a027419da16954ac6eb35347bfcab87051b0db478a65f772

SHA512
882f7d539f616bbc198d812b585a65664c3171124a9c383785a4e4ce8885eb8014ba373e58af84061e115284a8d1a7fca7b82c159d71fa5069436300549c3bd4

Download Submit
memory/3008-4-0x0000016B59530000-0x0000016B59A58000-memory.dmp

Filesize
5.2MB

Download
memory/3008-8-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-159-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-12-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-11-0x0000016B59190000-0x0000016B59198000-memory.dmp

Filesize
32KB

Download
memory/3008-14-0x0000016B591B0000-0x0000016B591BE000-memory.dmp

Filesize
56KB

Download
memory/3008-139-0x00007FFA555A3000-0x00007FFA555A5000-memory.dmp

Filesize
8KB

Download
memory/3008-162-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-161-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-10-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-282-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-173-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-7-0x0000016B58E10000-0x0000016B58E2E000-memory.dmp

Filesize
120KB

Download
memory/3008-13-0x0000016B594B0000-0x0000016B594E8000-memory.dmp

Filesize
224KB

Download
memory/3008-6-0x0000016B591C0000-0x0000016B59236000-memory.dmp

Filesize
472KB

Download
memory/3008-581-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-0-0x00007FFA555A3000-0x00007FFA555A5000-memory.dmp

Filesize
8KB

Download
memory/3008-3-0x00007FFA555A0000-0x00007FFA56061000-memory.dmp

Filesize
10.8MB

Download
memory/3008-2-0x0000016B58E30000-0x0000016B58FF2000-memory.dmp

Filesize
1.8MB

Download
memory/3008-1-0x0000016B3CBA0000-0x0000016B3CFD2000-memory.dmp

Filesize
4.2MB

Download