umbral | hxxp://dox[.]io/haes

Analysis

max time kernel
965s
max time network
968s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09-07-2024 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://dox.io/haes

Score

10^/10

umbral discovery stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1255230342629953626/QDBpMUKzkb3k3hpq6p02Oko7Jkm1CxVKY-fOo4r1njCG-2awP_YxjAKY7oIUE3pFLeJ7

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000a00000001ac36-1281.dat	family_umbral
behavioral1/memory/3724-1283-0x000001FD6AED0000-0x000001FD6AF10000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Downloads MZ/PE file

Executes dropped EXE 18 IoCs

pid	Process
5980	systeminformer-3.0.7660-release-setup.exe
4564	SystemInformer.exe
3724	stereocord.exe
4596	stereocord.exe
1412	stereocord.exe
3096	stereocord.exe
924	stereocord.exe
1124	stereocord.exe
4152	stereocord.exe
6064	stereocord.exe
5440	stereocord.exe
5612	stereocord.exe
700	stereocord.exe
1160	stereocord.exe
1516	stereocord.exe
5932	SystemInformer.exe
588	stereocord.exe
4368	stereocord.exe

Loads dropped DLL 22 IoCs

pid	Process
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
5932	SystemInformer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\combase.pdb	SystemInformer.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	SystemInformer.exe
File opened for modification	C:\Windows\SYSTEM32\rasman.pdb	SystemInformer.exe

Drops file in Program Files directory 47 IoCs

description	ioc	Process
File created	C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\PoolTag.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedNotifications.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedServices.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\Updater.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\UserNotes.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\ksidyn.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.exe	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ToolStatus.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\README.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\peview.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\DotNetTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedNotifications.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedServices.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\NetworkTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\SystemInformer.exe	systeminformer-3.0.7660-release-setup.exe
File opened for modification	C:\Program Files\SystemInformer\clr.pdb	SystemInformer.exe
File created	C:\Program Files\SystemInformer\ksidyn.bin	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\DotNetTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ToolStatus.dll	systeminformer-3.0.7660-release-setup.exe
File opened for modification	C:\Program Files\SystemInformer\rasman.pdb	SystemInformer.exe
File opened for modification	C:\Program Files\SystemInformer\combase.pdb	SystemInformer.exe
File created	C:\Program Files\SystemInformer\x86\plugins\DotNetTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\DotNetTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\EtwGuids.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\peview.exe	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedTools.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\HardwareDevices.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\UserNotes.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\COPYRIGHT.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.sys	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\WindowExplorer.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.sig	systeminformer-3.0.7660-release-setup.exe
File opened for modification	C:\Program Files\SystemInformer\ntdll.pdb	SystemInformer.exe
File created	C:\Program Files\SystemInformer\LICENSE.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\CapsList.txt	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\icon.png	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\ksi.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\HardwareDevices.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\WindowExplorer.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\NetworkTools.sig	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\plugins\Updater.dll	systeminformer-3.0.7660-release-setup.exe
File created	C:\Program Files\SystemInformer\x86\SystemInformer.sig	systeminformer-3.0.7660-release-setup.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.pdb	SystemInformer.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 28 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SystemInformer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SystemInformer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mega.nz	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 8c00310000000000e958973a110050524f4752417e310000740009000400efbe724a6fa8e958973a2e0000003f0000000000010000000000000000004a000000000003127300500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = 00000000ffffffff	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 73001a59cfd1da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f369159cfd1da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mega.nz\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a0354559cfd1da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mega.nz\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\MRUListEx = ffffffff	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	SystemInformer.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	SystemInformer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SystemInformer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mega.nz\Total = "0"	MicrosoftEdgeCP.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\stereocord.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
4072	NOTEPAD.EXE
3088	NOTEPAD.EXE
2068	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5932	SystemInformer.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4196	MicrosoftEdgeCP.exe
4196	MicrosoftEdgeCP.exe
4196	MicrosoftEdgeCP.exe
4196	MicrosoftEdgeCP.exe
4196	MicrosoftEdgeCP.exe
4196	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4900	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4900	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4900	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4900	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	312	MicrosoftEdge.exe
Token: SeDebugPrivilege	312	MicrosoftEdge.exe
Token: SeDebugPrivilege	3008	firefox.exe
Token: SeDebugPrivilege	3008	firefox.exe
Token: 33	1972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1972	AUDIODG.EXE
Token: SeDebugPrivilege	3008	firefox.exe
Token: SeRestorePrivilege	5592	7zG.exe
Token: 35	5592	7zG.exe
Token: SeSecurityPrivilege	5592	7zG.exe
Token: SeSecurityPrivilege	5592	7zG.exe
Token: SeDebugPrivilege	3008	firefox.exe
Token: SeDebugPrivilege	3008	firefox.exe
Token: SeDebugPrivilege	3008	firefox.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	5980	systeminformer-3.0.7660-release-setup.exe
Token: SeDebugPrivilege	4564	SystemInformer.exe
Token: SeIncBasePriorityPrivilege	4564	SystemInformer.exe
Token: 33	4564	SystemInformer.exe
Token: SeLoadDriverPrivilege	4564	SystemInformer.exe
Token: SeProfSingleProcessPrivilege	4564	SystemInformer.exe
Token: SeBackupPrivilege	4564	SystemInformer.exe
Token: SeRestorePrivilege	4564	SystemInformer.exe
Token: SeShutdownPrivilege	4564	SystemInformer.exe
Token: SeTakeOwnershipPrivilege	4564	SystemInformer.exe
Token: SeSecurityPrivilege	4564	SystemInformer.exe
Token: SeDebugPrivilege	3724	stereocord.exe
Token: SeIncreaseQuotaPrivilege	2112	wmic.exe
Token: SeSecurityPrivilege	2112	wmic.exe
Token: SeTakeOwnershipPrivilege	2112	wmic.exe
Token: SeLoadDriverPrivilege	2112	wmic.exe
Token: SeSystemProfilePrivilege	2112	wmic.exe
Token: SeSystemtimePrivilege	2112	wmic.exe
Token: SeProfSingleProcessPrivilege	2112	wmic.exe
Token: SeIncBasePriorityPrivilege	2112	wmic.exe
Token: SeCreatePagefilePrivilege	2112	wmic.exe
Token: SeBackupPrivilege	2112	wmic.exe
Token: SeRestorePrivilege	2112	wmic.exe
Token: SeShutdownPrivilege	2112	wmic.exe
Token: SeDebugPrivilege	2112	wmic.exe
Token: SeSystemEnvironmentPrivilege	2112	wmic.exe
Token: SeRemoteShutdownPrivilege	2112	wmic.exe
Token: SeUndockPrivilege	2112	wmic.exe
Token: SeManageVolumePrivilege	2112	wmic.exe
Token: 33	2112	wmic.exe
Token: 34	2112	wmic.exe
Token: 35	2112	wmic.exe
Token: 36	2112	wmic.exe
Token: SeIncreaseQuotaPrivilege	2112	wmic.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
5592	7zG.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe
4564	SystemInformer.exe

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
312	MicrosoftEdge.exe
4196	MicrosoftEdgeCP.exe
4900	MicrosoftEdgeCP.exe
4196	MicrosoftEdgeCP.exe
2452	MicrosoftEdgeCP.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
3008	firefox.exe
2760	msconfig.exe
2760	msconfig.exe
5540	firefox.exe
4596	firefox.exe
5932	SystemInformer.exe
5932	SystemInformer.exe
1484	WORDPAD.EXE
1484	WORDPAD.EXE
1484	WORDPAD.EXE
1484	WORDPAD.EXE
1484	WORDPAD.EXE
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 4196 wrote to memory of 4720	4196	MicrosoftEdgeCP.exe	79
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 688 wrote to memory of 3008	688	firefox.exe	83
PID 3008 wrote to memory of 3780	3008	firefox.exe	84
PID 3008 wrote to memory of 3780	3008	firefox.exe	84
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85
PID 3008 wrote to memory of 4572	3008	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://dox.io/haes"
1⤵
PID:4240

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:312

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5096

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4900

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4720

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.0.919569151\85728719" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c97133ca-bc66-4002-9330-e4c98e75584c} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1764 1ea006e4c58 gpu
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.1.150742694\208204220" -parentBuildID 20221007134813 -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {127f784d-d098-46be-940e-fb165ee59689} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2124 1ea0060b258 socket
    3⤵
    - Checks processor information in registry
    PID:4572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.2.658335423\1618733622" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a69b303-6e29-4823-906a-9c0d123501d5} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3176 1ea046e3558 tab
    3⤵
    PID:1880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.3.642271995\857848698" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad4ff1d-cffb-4d8e-ac27-2c7f41dba56d} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3300 1ea04c7c158 tab
    3⤵
    PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.4.1465714293\695438641" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a880022e-66bf-48b8-8890-0c8eafc48168} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4008 1ea05a89e58 tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.5.2103480498\20829034" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4964 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df559805-a9ae-4256-8efa-809d09133618} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4956 1ea04643358 tab
    3⤵
    PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.6.2048857672\1324041764" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e812e3-4e2f-4f69-a540-d3126b30a07f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5084 1ea04644258 tab
    3⤵
    PID:4500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.7.878645118\568604452" -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08fd4806-c418-45f6-badc-f8b3586149e7} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5272 1ea04644b58 tab
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.8.760155187\168073067" -childID 7 -isForBrowser -prefsHandle 5124 -prefMapHandle 4956 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48633472-7c3b-400e-a939-5e30977509d4} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5060 1ea00906258 tab
    3⤵
    PID:2368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.9.1033564539\389742573" -childID 8 -isForBrowser -prefsHandle 3876 -prefMapHandle 4308 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7a5b3d3-ef2a-42da-b1a7-2fd6e7f79823} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3608 1ea02c40d58 tab
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.10.1453215289\1303661950" -childID 9 -isForBrowser -prefsHandle 3460 -prefMapHandle 3404 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e153236-d98f-4441-a202-0c59075e2811} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5568 1ea04642d58 tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.11.1598158154\280472838" -childID 10 -isForBrowser -prefsHandle 6504 -prefMapHandle 5336 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8a3f4eb-ca98-41d9-bf57-3f362e022bf5} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5276 1ea06b46058 tab
    3⤵
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.12.2043386317\2047818420" -childID 11 -isForBrowser -prefsHandle 10300 -prefMapHandle 6712 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1222014-314c-4b88-823d-103e06e6329f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5432 1ea06b46658 tab
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.13.773721527\1951927274" -childID 12 -isForBrowser -prefsHandle 6744 -prefMapHandle 10152 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67b6d814-7193-4cc0-afb0-302d89664dc0} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 10164 1ea7526f558 tab
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.14.1648722226\189349008" -childID 13 -isForBrowser -prefsHandle 9768 -prefMapHandle 9772 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {024500a3-483f-4877-8691-d631ed9b5cde} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 9800 1ea0521cc58 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.15.1883642330\657732427" -childID 14 -isForBrowser -prefsHandle 9596 -prefMapHandle 9592 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a2f5338-7116-4b62-ba6d-5e532463eac2} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 9612 1ea0521ba58 tab
    3⤵
    PID:196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.16.1127935128\1588165308" -childID 15 -isForBrowser -prefsHandle 3888 -prefMapHandle 6512 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52b1795a-3541-4ae2-9f6c-a847c2c755ff} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5636 1ea08f80558 tab
    3⤵
    PID:5436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.17.1546543602\734699126" -childID 16 -isForBrowser -prefsHandle 10052 -prefMapHandle 5604 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4e51f3-f492-44db-bbb5-58fdfde98734} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 10160 1ea04fc1d58 tab
    3⤵
    PID:1400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.18.1425173022\180743625" -childID 17 -isForBrowser -prefsHandle 6432 -prefMapHandle 9944 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {284c2dfc-e4b2-4a72-b94b-c4baa3655cf0} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 9948 1ea05087b58 tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.19.765611463\1620599105" -childID 18 -isForBrowser -prefsHandle 6908 -prefMapHandle 5364 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a198a3ac-41b1-4fef-a6b9-139da251eb1f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 6892 1ea0a3a8558 tab
    3⤵
    PID:1908
- - C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe
    "C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:5980
  - - C:\Program Files\SystemInformer\SystemInformer.exe
      "C:\Program Files\SystemInformer\SystemInformer.exe" -channel release
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:4564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x374
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5500

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\stereocord\" -spe -an -ai#7zMap28666:82:7zEvent4802
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5592

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3724
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2112

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:4596
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:348

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:1412
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5164

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:3096
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:424

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:924
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:6072

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:1124
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:6044

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:4152
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5756

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:6064
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:3800

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:5440
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5284

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:5612
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:2328

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:700
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:828

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:1160
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5628

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:1516
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:3632

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:4908

C:\Windows\system32\msconfig.exe
"C:\Windows\system32\msconfig.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Program Files\SystemInformer\SystemInformer.exe
"C:\Program Files\SystemInformer\SystemInformer.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5932

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:588
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:5384

C:\Users\Admin\Downloads\stereocord\stereocord.exe
"C:\Users\Admin\Downloads\stereocord\stereocord.exe"
1⤵
- Executes dropped EXE
PID:4368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3560
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.0.156741962\1521060855" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1560 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a96fb2-bbb3-490b-ade4-1ce78730a46e} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 1656 236d030c358 gpu
    3⤵
    PID:5832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.1.939970802\264030289" -parentBuildID 20221007134813 -prefsHandle 1956 -prefMapHandle 1952 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8005d0ad-5270-4374-8237-b9f4ecb3d94e} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 1980 236be2dd958 socket
    3⤵
    - Checks processor information in registry
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.2.2129070120\821133048" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3136 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fc172f-5545-4452-849f-1413aaa94fb8} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 2872 236d036bd58 tab
    3⤵
    PID:5656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.3.1148238107\1685111181" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3600 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a890a07-da38-4199-a118-3bda6940fb0f} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 3616 236d4ef4658 tab
    3⤵
    PID:2820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.4.989837668\259058742" -childID 3 -isForBrowser -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d2b2608-59c9-4712-8cb8-749950ae8651} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 4352 236d5f53258 tab
    3⤵
    PID:5632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.5.1974314362\1731585316" -childID 4 -isForBrowser -prefsHandle 3312 -prefMapHandle 3280 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16c8289e-d51b-4dc7-8390-cd9780f11ae0} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 3308 236be25d658 tab
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.6.1402833672\302441279" -childID 5 -isForBrowser -prefsHandle 2372 -prefMapHandle 4760 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45f880e6-f4e2-4415-8eea-fd1226fd1b63} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 4188 236be25df58 tab
    3⤵
    PID:3804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2536
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.0.462176123\982714272" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1596 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {101de397-0e62-4ce3-ab3b-d4b33b91cc3a} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 1684 210f5ce9c58 gpu
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.1.1785946725\1060380725" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1944 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a069e35a-af91-48c5-9eaf-496c5e5df083} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 2024 210f5931758 socket
    3⤵
    - Checks processor information in registry
    PID:620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.2.1311675359\388487051" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b35e2e31-2d46-46d0-a2eb-0836e86af9a4} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3356 210f981a358 tab
    3⤵
    PID:3584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.3.1720252342\1168575576" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {746bd7af-e10c-4917-b9c1-50c60fa7e127} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3688 210fa83c458 tab
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.4.198420458\415817055" -childID 3 -isForBrowser -prefsHandle 3872 -prefMapHandle 3764 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a630111a-29f5-47b6-85ac-ea9de80fd217} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3888 210fa83d358 tab
    3⤵
    PID:5688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.5.1835586414\1922239393" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 4832 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06034b27-b9b9-4802-a04a-96ef243fc083} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 4820 210fc559c58 tab
    3⤵
    PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.6.693836623\3088257" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e22b8e66-f717-4297-92a6-dfe1699bd4fb} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5084 210fb571458 tab
    3⤵
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.7.43956370\1280014770" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e88d545-0516-4843-8ae0-f5e7a2f6781c} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5164 210fc820258 tab
    3⤵
    PID:1644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.8.1875026282\1448014815" -childID 7 -isForBrowser -prefsHandle 5472 -prefMapHandle 3228 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31381a27-89be-4e5d-8fc0-f5081e6f10e5} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5016 210f9f27858 tab
    3⤵
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.9.545490983\1968226071" -parentBuildID 20221007134813 -prefsHandle 5700 -prefMapHandle 5024 -prefsLen 26888 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d80577b-dee3-43b4-88ee-97b3b48d89ad} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5724 210f9fdea58 rdd
    3⤵
    PID:6044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.10.2052365691\402923183" -childID 8 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5fe6fe-1634-4588-835e-a42929e19d04} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5872 210fa0e3358 tab
    3⤵
    PID:5944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.11.964030494\2071734723" -childID 9 -isForBrowser -prefsHandle 5904 -prefMapHandle 5900 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6102b3fe-5d91-4d0a-a22c-7e9cf99f124e} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3616 210fa0e3058 tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.12.682322480\733195939" -childID 10 -isForBrowser -prefsHandle 4460 -prefMapHandle 3288 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {154b21ba-6aea-4068-a92e-42237d78b6d8} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3040 210fa83d658 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.13.1428538744\1824459151" -childID 11 -isForBrowser -prefsHandle 6228 -prefMapHandle 5296 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a24a889e-a33e-48b6-b122-f94d6528d65b} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5168 210fc557e58 tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.14.900554148\472053646" -childID 12 -isForBrowser -prefsHandle 5376 -prefMapHandle 6244 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf2a3e7-483d-46bd-ad32-ddcf6019b8bb} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 6212 210f6029558 tab
    3⤵
    PID:4136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.15.1601392\796292647" -childID 13 -isForBrowser -prefsHandle 6424 -prefMapHandle 6420 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abb660f7-455c-436d-98e2-2c859f63aba9} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 6360 210fdddfd58 tab
    3⤵
    PID:4448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.16.2103025725\1458284103" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5360 -prefMapHandle 5892 -prefsLen 26906 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1f2d56a-59ae-4040-90da-5080df54ff60} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5968 210f60b3a58 utility
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.17.1063331149\945041240" -childID 14 -isForBrowser -prefsHandle 6892 -prefMapHandle 6888 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3ab9b0-d6e7-4f01-9990-a3e09a260392} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5060 21100edcf58 tab
    3⤵
    PID:2580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.18.1038319483\1784013518" -childID 15 -isForBrowser -prefsHandle 10908 -prefMapHandle 10900 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3fdf273-bb71-4ece-9044-8615bde02264} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10912 2110307a758 tab
    3⤵
    PID:5704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.19.751154727\1890205143" -childID 16 -isForBrowser -prefsHandle 10728 -prefMapHandle 10908 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e64d0b-3af0-4050-88a1-542b6895b151} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10720 2110307b358 tab
    3⤵
    PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.20.1231537806\371483242" -childID 17 -isForBrowser -prefsHandle 10208 -prefMapHandle 10204 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35a181f6-5c59-4524-a6e2-23e2956728be} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10604 2110307b658 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.21.2072797319\96767500" -childID 18 -isForBrowser -prefsHandle 10564 -prefMapHandle 10560 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8be477d0-8cd0-4983-a41c-44e5d57597ba} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10004 211034d9858 tab
    3⤵
    PID:4396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.22.236749551\2100909049" -childID 19 -isForBrowser -prefsHandle 9780 -prefMapHandle 9764 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16434be5-ee8e-474d-bf18-dbdd10bc8a43} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 9784 210fa83d358 tab
    3⤵
    PID:3528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.23.2070079827\1071213649" -childID 20 -isForBrowser -prefsHandle 10880 -prefMapHandle 10920 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eff1aba1-e7aa-405e-af00-d99f5dd6b0d7} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10740 210e3b2e158 tab
    3⤵
    PID:5340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.24.1519482642\377856657" -childID 21 -isForBrowser -prefsHandle 10896 -prefMapHandle 6408 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {71cf941e-e484-440d-9d6c-e966ea3315aa} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 9780 210fad54158 tab
    3⤵
    PID:1644

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Search results.txt
1⤵
PID:5780

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3f9159b1098344fcbbd924d95939be74 /t 5056 /p 5780
1⤵
PID:5648

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Admin\Downloads\Search results.txt"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\bb66e94794494e968932989f08ee8545 /t 676 /p 1484
1⤵
PID:8

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lol\lol.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4072

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap858:172:7zEvent10963 -tzip -sae -- "C:\Users\Admin\Downloads\lol\lol.zip"
1⤵
PID:4520

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lol\lol.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3088

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lol\lol.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\SystemInformer\SystemInformer.exe

Filesize
3.2MB

MD5
60d6d4096eed212458d15c1ae5a69b9b

SHA1
b1ab46826bc2608cd4a36b5b8fb8b90d80570d59

SHA256
c2e6ee62a548067c722b71f19ce59e81922fe16d00e0fbf36a1a6e28803f57d5

SHA512
5bf4380158369dbe30e480bd4679899cbf8d7758b8e49f0b19caf5ea5832dc968b21567aab0ac7f5e5c97c48475ae79b303fdf97d91b8440fcb4c758062df106

Download Submit
C:\Program Files\SystemInformer\plugins\ExtendedServices.dll

Filesize
199KB

MD5
6815e3c7b86ba599c2f4b6bb954a95a9

SHA1
aebcc1ccbbe83e7e633e68b89a7bf0f81665baa4

SHA256
805054d9666437fc539765074820c85509011a118a2066f3edcd9422bd95070b

SHA512
febf8087542ccd097ba9d6073183101a80d86d800a8142e6ce5eb3ac995caad87a7f2e6644870fa9ceceed32a9e6b2dd16f731b3833aad3d03d5cedfa4af014b

Download Submit
C:\Program Files\SystemInformer\plugins\ExtendedTools.dll

Filesize
1.2MB

MD5
dc96b9a724d3cd8cfcf8733a9a61de7c

SHA1
2536761631bdcd087f2e5f6c7e6a0c4122457570

SHA256
a6c4d7661a24341a722aef8daa7c325f5fc4ada962de8b98483374fd274e0239

SHA512
3274bc3c7cd03390c494e92416412c63bda6deff243ce86640f93c032f28ffebee59efbb3ef08c051d3551c1c0c095e475b8c1d6e4aa483fe687048810d5dc5b

Download Submit
C:\Program Files\SystemInformer\plugins\HardwareDevices.dll

Filesize
343KB

MD5
01fd6be2a2c22b120daade0d1f29cc09

SHA1
86a5c543dc0c45877f2682faf27d848351f68fdb

SHA256
ffc35befa48d579ca14a20091b3cd094caba0d51a5b468a700b0ed9ef36436e5

SHA512
ef492fe5c607e1c75c6ef68d0c3455222e162b4d09e5e383663f0e353a95daf2ce437151fe25927ea1868e99d844142f20363b4031539647c32251dabf2c5e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\stereocord.exe.log

Filesize
1KB

MD5
53ea0a2251276ba7ae39b07e6116d841

SHA1
5f591af152d71b2f04dfc3353a1c96fd4153117d

SHA256
3f7b0412c182cbdefb3eedafe30233d209d734b1087234ac15409636006b3302

SHA512
cf63abfe61389f241755eef4b8ed0f41701568b79d1263e885f8989ce3eca6bf9f8d5805b4cc7304aaaa5c7e14122b0d15bd9948e47108107bbb7219fd498306

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\10736

Filesize
7KB

MD5
dbaf709281987e8a13d6d4d26beca107

SHA1
e0381996c228ab36d2b1eef76f3caaa0df952ad9

SHA256
1862d20049d0ce27b3a8c92492ba364f89c2778ce60fffd06ddc797f8d17ae3c

SHA512
970435dc0b4bfac6442f6ad46060e81d95f959c19f2e17b54db68bcc0828e1beb43a543f553ed265eeb910e3cade1b54cb0313af83effdc8e7a25abaa46ad1ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\11437

Filesize
14KB

MD5
80f0c9d82c59ae4d694d2fa8f5d26d15

SHA1
f234c732dae926d88a27e124aad2d311b7366f8c

SHA256
1923e61d98a349e31ac40b933ac27086836d6efce31b6fd12f9a6f84fd4b2bb4

SHA512
9cc72e406aeaec66682e906c47331385ffb694127959213cfb0c2c959e23b2559897a1e6a99054293ddb74dc3914ad285d26aacc32eaf308d83b32d869400190

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13553

Filesize
8KB

MD5
56447f5539081848b800c3698a963db2

SHA1
0906b5a90de6506c93eba6125b124786753c0382

SHA256
534cbbc843bf9d4ddcf75894695ea91c232c49250d0290dd6412c4f2be91dfef

SHA512
a5224a033ef62b1642c4c99abf0cc262276aa1cc56f403bfcfe4263264778891daefc5fb58d8a187eae665d84d96f71b6d76d67b855cabbba8727934b0244d6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13924

Filesize
21KB

MD5
601c5527f8274da745e5d7bb61f10970

SHA1
0d77bf63c94d578c515fd384570d8bc49544e0eb

SHA256
be55946d13bc859efc4aa02d879619c500952d07bbca7e5ed4cfb975fe40b0bc

SHA512
783eeda8d2ccba1ccb05b718b1a12492fb8d44e9a233023e3a1d959c7abef0c55c3bbe5469e49caba6c791e19ce6d9dee73f47880e2cfbf2f7f1443bd5330740

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\16325

Filesize
9KB

MD5
a879227a5aaa7f949393e8f2ce033a66

SHA1
731357c91f2f0c97b692d4c22cd8d870859c2720

SHA256
45166bd4bd79c7a736b4607557da577d9b0e0caac1a8960dd0687e998dcdb5bd

SHA512
130b2f64067ddfbaba6d3bd14ddeee2b4f62568c80c2a89adb67cc2e7271a12de7edfd5d52c2018fb8a8c4aafd7f7b0c44657acb4b83ae0e73f589b8ff10fc68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17213

Filesize
8KB

MD5
bbc5c59964cb440b44c63cda3e61f5a3

SHA1
09fcf955cc2085aa77f3f1274629ec67b21d2533

SHA256
a1656250b2c1aca85e0dd5fc20cba64d73afddc11d4e3d85cec1ff357cc9b798

SHA512
ada7dfd2ef7b05c472a31f412fdeabd5ae4cc60dbb123e4dc505f0f8c3dd61d0a4141a105598e35095f9cf1505ba0086c316df66c1a90b4bd151b0d74c033add

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17267

Filesize
7KB

MD5
fd3ec7828f44342f2df1c4f0804f324c

SHA1
876debffc04c062809a7f94db3a89ac09397dcc4

SHA256
f240bc5b3c6fcd1ec72a5164eb20e8a5e3134737916c2dd83f01851a197abec6

SHA512
20466aae12008e1408fc38d12819013eeb73b9d80dc452d61c3efb58470277c6268c3e0d6d4a1b3be645b55970224b3e0a734ba4e973e7a656a686d385c26477

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17273

Filesize
11KB

MD5
1ec6cf90dcfd361a85b57561b79201ac

SHA1
d5ff4ba6bca349a3c6fa125e22647df4aa01de83

SHA256
012412951b6672782497693e2e591573bd73a9facb8808ea65d5b35dbad77d48

SHA512
ee02a4031c167730dbff1173b108d1271c3ed8de0b2a59b483f334f87e39faf877e1d8aaf5ee7865098c103b5c7cfddb16911249f58ed9a621c77cf05a6e12e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17998

Filesize
14KB

MD5
148b1fb2c0a5f2596c82ed43a9419527

SHA1
fbd1ef9624473a482255f05f6b145520299e2f13

SHA256
30f63c4aedafa7f9cacc05eaea4f1f1839d4c76552389cfe146896d31d0528a5

SHA512
d854efb1aa1ddfc3924519fc6c8e3fe80097e770ebea6372f1747d72ed52706698d7ff7cfcd32b337c2cceb4cc29ff76f3fa1fb5213f961ddfa1e2c526c29ab2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\20573

Filesize
18KB

MD5
20aa7ace7786c08770b3960eb72c2851

SHA1
ec6e6310504ad9cf0fc7a64d4d2a1ef3920e8687

SHA256
18f92c85ea6a0e2772068c112eccb81f2e9ce8cdbb71526b180a437333ee9f5c

SHA512
74ac61f23288d1c9b7ec74d383a7e5d866e5d6e15641fade057bb8f36aec09f4447e7839b11e304520ef70c4e8dd1a17e5686317f84fb1b935de49885c2ff9b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\20694

Filesize
25KB

MD5
d57005e1332929bc40c238368176a71c

SHA1
c8006c6a87e8c2874f50eb9b10690108032f759c

SHA256
657a4d676e57b9e1f09e9dc0337c58b31773fd669c426b223e76077d44a8d841

SHA512
676eb987715458e95beb5ac30b998bbf85c5cfce64690bc7ff82f7b6b769e4327e9e397bdcffc9f737de65dc7a01ac9e5ec33a0becbbc7c7ef8234286276f2a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\23960

Filesize
16KB

MD5
94616bbccdb60ed2116a72fc217fb479

SHA1
351d2a46b2e536cbff0613fa6b3dfb2aa111694e

SHA256
cf16e0273e494404a16e30e9c872599819fc4f4831cd0e89ce0f0899cc1674d0

SHA512
bac3bccebe851b5d6b68cff8474c56f4f2476eda63ce0acdd8323e2ff2d63ce04705000450ee1bdbcf59817eab6b80d58e351db60dd69944de7bc42ea7c2e5b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\25070

Filesize
11KB

MD5
5505e36b5887ea6c8c5ea65245121ce5

SHA1
47a47b5618c4cd839f36603591262c4fd30bf632

SHA256
4e235be224c46ad146ce301ae1af6a04e2aa8b01b1254e2d02361a999da61056

SHA512
381b56a051417a15e061a19eea633102d9f4576b36896a861e6d90f8ffb99f8929626b8cdcacc628be31406bd7294c5253e93fbfd6f505baf1d78c933d68334d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\25404

Filesize
9KB

MD5
a1e0e2811bb98a77211276ee407343db

SHA1
6b42749bc5d7f0ecb3d0c760b916e56d09b83501

SHA256
b44c6ce90d0acb6afc1f0057a7b85efe171c103e05af44269b16a89e0630b345

SHA512
42310933e8659ae8d7e4c2f2306becfc9b1e78d514535fdb1e0d2a056ac532344e79995ab0623ac3a4c74a187542b6532a441a901d127178900c5019ac20409c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\27337

Filesize
46KB

MD5
81d5520ccaca0ba477c5d7922add7c3c

SHA1
2993b3d44e1f23d69723e85227c44f4305341dbb

SHA256
755f71490ad1dc077b6cefcfd9af73bf827f78729a0dfea14c88e84874ce49df

SHA512
163cce0b3447c4c9a4232670b8d50f052e432795aab567ce5b56cb43e6c2eb74ff93d374b2921317cddf051d504181899b0a8ac8bd0addb3bb82f847debc0400

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\32160

Filesize
11KB

MD5
ed9090aebc052c8f104c090710b5c71b

SHA1
5d2068747e1048fff74fb748c1ae6a38b0932d3b

SHA256
137d8bdc1f5bf3533b3fb4e9e18a93b7eaaf796e86b561ccb9e5530a89e507fa

SHA512
7901a61baff42ce3581f5efff188594f6260c7185c7bca5999e0c61a52ae8510d6be17fbe7423d312f63fe183420e59bd9ef5352c712ec0cabc3d2dad8fb8921

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\32725

Filesize
8KB

MD5
b574b457f90698b0d5439ddb981dd3b4

SHA1
dc948f53087268f2b920ed305af7d0c143026f88

SHA256
994d9af8604a8f905e51bba01dce8e97e0b22cf867cb4725d8056ed69714f457

SHA512
dfbe302c84527173a1e2f9b2dd02f5d4f9b278596b17e78db6e75ebdb4123c6c7f9fad81f3da0b374e073a40679ba2f9351af5919ff05fe393cde90dfd0bf373

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\7157

Filesize
8KB

MD5
37af385a40aa977922f2cbf3eb9896d3

SHA1
44c1c18e7f823ac993128199ec60d4fd0feceb51

SHA256
33f6ce1aa65af956f1a602a1296847e387c1cb55cb9c731d37bf18d2fd956c57

SHA512
0a080beb4d2163c3e659e1f949af8bc056ced6e7ffb4f45275844674e2d61e85be424a0dc7c07e5f5d737a1ce3f520f39dce0faffcc162305d1305d6d942383e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\738

Filesize
8KB

MD5
b29efc3bb93a3efdb7d3d6f86145989b

SHA1
49c278c9a3d057c955b0e9596023f8ae37fa14f0

SHA256
a3cea37185b1c33bbb547e0f1542441323d494e24301f12af8af7cd21bbb5140

SHA512
d4f6925c099c15231fd58730457847bf40a2f36585ba1f131faad9ffbbd8fccb4b071cd7df79e30bf843db1740cef645cc313ab660b1f8fdb84dd87cd1e2d7da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\9674

Filesize
127KB

MD5
241340835b9b70cacaaf27ff3d815b4d

SHA1
81220d784ee375b7cfcfd96d04e8339639d71541

SHA256
e8ef091b33f6c803dda29a56620468a87f1d75573d7e47914effa394855aa48b

SHA512
c039d963843bc351f6894ad464f682ae336f7b6626b0ad842c6c06d2ed52f4d19259d4168f2b55b7f0792093933fb7c417ee7fc4a1e26918d8c72f660cf7564d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\9974

Filesize
9KB

MD5
a6f51f56ab9725b20a6f23efbd51e12f

SHA1
3ca4dd113e8052908a42143820ff95c099b84905

SHA256
508e32053a9006334f4cfecd2f353114282e5b2bdfe729ef293b8f6897fa3d39

SHA512
c6cc98f6e344412a817b18919d725e8eade3713da45eb764ef947e6d0e9830baeb664662970ffb5b77595132a4db212672584ef01614ae9774d2fab9a85b6036

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\39327C7658BB144319B9CB7E37D85AA1B94C90B7

Filesize
40KB

MD5
d10637d8b3ffe3ae313b4ed0d81b368f

SHA1
6a4d5864e3c4192130411cb673c6f9767454f123

SHA256
faade035c5e50ee1d30e313821e8c7bd3ed8739c466756dc2a35cb3e43718ae8

SHA512
07340f59126dfd909427f129e97bd3f27e8f7681cab5caed3d424a78e8ada8835c8d3de66b11cdc15e0c69537471e5f04320bc57a8c8fb3500d4363661fbb9c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

Filesize
220KB

MD5
1ea39d2728032843e809cfe43b499ade

SHA1
a084f3531bb97c406810ae39f2d82788c414817b

SHA256
531b321a4bc98d7d2d2fb1f42d94ec85de26c0aee1d52628ffe97f165b0caa78

SHA512
1d1751e03a82353d1714782275f3cd5aa62774c3d2796b2f35a1a2bcf721648db1135bcbf3c1ee7cad2dbbd5bbf713f94ba9e61190e2cca9fff474ab567c934f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6A97A7F0DD87D63CAFDFB2F74683A311A499D6E9

Filesize
11KB

MD5
62eadeafe87dcbb1ff68c3ee51799175

SHA1
b1fda1c663787b3db641ec6fd4e7c40e7449f9df

SHA256
b45ad4b8e81a1dd4a6c12d6333dfed8e7552a4fed8a7c4239f07573887c8d32d

SHA512
434edd4e05ccce884b7cdadd62fbc0e4bbae76d4b7b01d2b7760a5a7a9dfc76e73360a9678a557273f0929008f29aeaa43ba39a0c19ff6cd02dbcc9762114b0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\index.log

Filesize
2KB

MD5
50b71071efa963c77f664a0f017eaaf2

SHA1
dba3cd92fb7eaf7d264eba2d3c094cb55cce9ceb

SHA256
1d4347fcc99107bc8674ca8e30d7838b7e1305b5c2a7171a595a4ef90a1318c5

SHA512
2e44c2fa686cb8da6b2d9f07b6b1fe43954d0b3d2db9142df48cdf43876b826ce885491e4cfbec8cd139c194c70fb68fa787ddcbdfaa187342556f28d4ec0f36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache.bin

Filesize
7.7MB

MD5
1ba3784502cc36b7a4957fb72a3d862a

SHA1
98b0b2b0472171b8a6cad6a3ef625a6ceaffff0d

SHA256
2cea76b2fdf5eec199ed1e4ff8fa5057f6325802e53663360128a5bd7ed452d0

SHA512
475e225659b3d7feb61ce6be6fb1da8a98370d41900bfc43e47d358b4267c4d71beaf8c9b6cacd6185fb8700d53de2f8ba33275d6e2366ec64d297f4e1f335c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
1545a3e921a3098b76cf6cadccc4ae35

SHA1
1d67d3f30d70cc8f630fa7efc31bc55e54e56665

SHA256
19984a956bb9091780a609c5bfea2a29c9dcee058ca32ae715392eef6debc027

SHA512
fa364733cf0fa48126ae3b37cafc72b19bc7b8506cedf94f77fff3883de620b5f3402933a1cbbb26abc0ca18651000db882bc4b2c21417bda9c14c4929811ce8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\thumbnails\8d600d380d44463983af74a8dd81f611.png

Filesize
13KB

MD5
fb0c9f6ff59988e8eeb690651769e58a

SHA1
c121e70f8904be81fd43ceef345b44edcad7970e

SHA256
600b6716bde73e9398a3a977b1ec223fe87a3fc1f58451318bf80def38318e0d

SHA512
068e7b1e9210705666bcd5c9d653dcccb013f76f1d5fe7102228208b803f7313e4863ef77c45d827ac182d4b37656bcab63eae868ff6b9f769bdbc5239285e53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\thumbnails\dd6973e3f3e1d61ffc31af8f426b13c1.png

Filesize
11KB

MD5
0511ae9d312518fb68032d6535b5869a

SHA1
c481a76e6ba4a2dbc4d8656d79e7b83431616439

SHA256
c41e2f559ed1740092188ae2ab647490489f9c495fa9b5219325322b113c687d

SHA512
54cf8f4999e0d50f298744b4255976205f580c5072fcf8c98912e8230e1f1fce5350b282ee92e5468dcff8cf295dc9fb963f316880e6db4e852aed066277b0d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ATXXLKKH\favicon[1].ico

Filesize
6KB

MD5
72f13fa5f987ea923a68a818d38fb540

SHA1
f014620d35787fcfdef193c20bb383f5655b9e1e

SHA256
37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1

SHA512
b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB5F5FF3010802F95.TMP

Filesize
52KB

MD5
41114fd73e43d8a88373faccd9820e09

SHA1
ee0e1b73e398eec3f2c1000f6c73eddc7313cad5

SHA256
31ca402e90bdd2263ea6bb8b22c8c01baaceb7d73ffae5dd74a58bce4f1b2805

SHA512
a28dfbe91ffee04559d8b3336cde667a1acf22b00e0109549151de87890a9de3cb110d4c682fc303b7f76352f11b22cbe3252cdc7236c9be258b57a66eb47413

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
9180b36a3bf281344c958cf8bcd1f415

SHA1
436323b5b69378293dce34c9ed002b795979a001

SHA256
2e0014fecf346fbb76e8c92086700f0c265715a6076667d209249cbf508b31c6

SHA512
13ba75b0b0a16041cbbe096a0dfe6861562c6d2f9d260e8c7ed3078bf50686922675022ec949c9f70b3ed7c02768937bd219043331e0d56c4ef85d85540b7d94

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
8753c6608cd12bc8b6e9a34a47cfbd04

SHA1
04ba340c9eb5988233bac35aba1457bd589bc18d

SHA256
27f100594f12551eb57a9c1cc9cab3e5e69c2c2b743294859f52b304a4450c6b

SHA512
022a201e42ec79b3cbd31bc1a60c8b630a1a7408b8b9d5b11572e0efc9d33ab61a007751e6882a45557ecffce2ac75419663f7e54dba61702c50f58130c1c2e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
15KB

MD5
029c794d1533bfb88e7cbf6c663a2e60

SHA1
baece683d85bf9678f521042e75c432301788d6e

SHA256
bb04180a47e6fd6fc2e785cc7f1f7226c274742e3f196c8eef444bfbea9ae7eb

SHA512
95ea1a10465605fb379940dc4d7b8f84a06e6ae8319b6eb65af7a098e32b9fbd0c274544bfcd23c091703ae4a19784975b9cc25ae61cacac870dcdb211d8293c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
15KB

MD5
03a44d0822c6c62ab82c816c5e0fc3bd

SHA1
b93cc11a6fbdab483f84382d7f0e263311adf5ee

SHA256
f1f84745acc77a1666ba4ebce141e79ece2d65e1709e4ef4d2d30d44183da582

SHA512
958075821bf62919f263c66c46609daa89a4915af1b57a9f5b05a9231c55dfa3a8ae7a0197e712dc2827e0be1d1bf965042fe60695811d086c1968a1b40a5ae5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
cb08db3275f51a65b6371486666a1ca6

SHA1
5a9bbbc1cd177280f7586629726196c829e76cc9

SHA256
9df2c3dc9306606d0fcabdb8bce99a327c4d121a60205bc0891966c83987ce3b

SHA512
48614d0e31cfc830c948e0a023295e239e9792c58d1d8a3a5c809c9da847fad8c8a88ce1e7ed651d68bcfe137d57109a0bb275f085221d5365175a6a3ae7c226

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\2c1f141c-cc23-47cc-a0a6-967d00583371

Filesize
734B

MD5
c45e3ae39b57085a8f4e587d90612783

SHA1
4ef89c19e7983d4ebfa72d9f54f299212a3bfe75

SHA256
1e10468ed41514a93662e16bf806a13f4f84ab16026876ba2e52a73da4b02445

SHA512
0888009837f6f24455b87ac45455de4725a5601181672e321b5734152efc6d680ddb938f76dc13d1e6afc44bb7fed98db0865926c9316ec0b96fef00dd6ea3f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\68852c70-ad2b-4ec9-a09c-957635ea7fae

Filesize
790B

MD5
6ec3ceaf78d4e17d52c807bd607f8c4d

SHA1
ad7f62a070b49597965e3ae1c7926886ac32c83a

SHA256
80bdbfce0077331c4b45ee2e5139456120753b24f44ddc2b824a5fcadad0b226

SHA512
95e09ff8176a0bb1befb3f9883b7947e7290c0f810604dd521110776a1f4fc9ddc57e90c3f84b744341c3fc39def458536d2f9920214d0dd05a90e0b556e84cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\6c7d37d0-a2ac-44fe-9eb0-3ec9cdc40616

Filesize
746B

MD5
7ef5f8e5f0a6499ebd9356db1fb34e27

SHA1
44f76699e5ad522a9a5033e4bea916ced22672bd

SHA256
9c2ed2f8ceb6a06e3ff6c862fe99a0ddf8dd5c7514051ab9743d714e72f327d4

SHA512
a52928a6e6ba8896ce602aa49c2758844e7b4d18ce33a744be634033bd9b721c101359ee29c35f77386bfd1d43245c8498842f667baf9067a5ba6381431ab1de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\c3ead2ba-46dd-4699-a10b-f3bedd2882a9

Filesize
1KB

MD5
fc865a415f2546fe5174e10247558af5

SHA1
30ac4bfe0439f66ef03c7dc3f9a209c2df079e61

SHA256
ffc281e6d226fffc132f528b3e751f88aa397c3f2565aab7e66b12a80a0c937e

SHA512
12a443fbf0561a3ccb475ecd17baf2259955a7dbb15c1ea5ea1160ea14c5d85ddcfe680f3f56b9376da6d693e7b4a02ae9197116601fa72c0f0104e9177fa26e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\c8689a0e-5200-482b-9ab4-abf3e38e2f37

Filesize
9KB

MD5
f8d50c699deb300898af0ff85b115a71

SHA1
778774519468e786b107e8f9b91066cd2caad595

SHA256
37599b4f76962eaf7280fe8ee518149e402a386e39ed3ce0a262a7ea4a0862e8

SHA512
3979d86b51daf79eab574b9b2d514cc629a3b8ddb462d2f9961e4ccae98f0e42b293533800d1f575bf9968ce52fb9252e1d1245425c9359032ffb3a220abf818

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\permissions.sqlite

Filesize
96KB

MD5
ea8f76923cc7d15d1eef2ba4a4a57d04

SHA1
344f666e2b303e57f30323468ddf60d17fb82800

SHA256
c2a3a273577c72fb64c6510c470435465ca3fffa088d1e3628fd8da44445d91b

SHA512
fe8f96c9a03499f03548148e2b2ffac3ce0954e8d9f7cd7965729eb2d06186e11516d384c0447efe337fa5715bc46cc057880a3f9f73750a6a364194d444b1e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

Filesize
5.0MB

MD5
ebf1d473032986ffde600a2276796471

SHA1
b925ba7993df6553f411916ac7da73adf0e6eaf6

SHA256
35ad32e3ffdb56cce638607228dae9f66e88a58eab43be15f7541ff78144df4b

SHA512
b8d6e9d049b772bb8c3f6982b4ee2089b6f7504d8ea80e4df5bded812f3b303c84357c06a92b8399cc7a223c6abd1a44beb48d90f46043676b7c8f6b7b5f33b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
1b7ff0d2c5c16e5a45bf19eccd792f9c

SHA1
33ea2f48627425b03b41131c058adb8c326f27ce

SHA256
61e1d3fb0f9e23e62186fd5245b35987078f97331ad70d074bc264f3f7c65251

SHA512
8bf655447732f40fb88e1aeb78b3107f65f304a0d6cf844dcf40215e2948e57a60ed4b248069588817dc2585c5afdb24a3beea8b2afaf66a29ed50a76ff183a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
5f563224087baf8cbc4184f89bb93282

SHA1
bfb6977ca7fe62f1a555072d23203813083c1240

SHA256
79216ec8ec485b6999095c88cf3d2d731bbcf6c23a092fb17e14102fae0ea30a

SHA512
c9a93108686f5e98128336ed8ee2207fd55d1763a15375d76a25a541e6120d6180f34748d5f6f36f7749585817a81a0edecb5acc1b182f00fad043b5a9164235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
0ff3ebeb74a8ddbcc320b9e208681325

SHA1
5b0d065537892ee644c5fa35617b2dd14a78b808

SHA256
d4e1e9caafc81a6f1121dae0d3a396c52c3b52e0bd2e5fc7a9afec3c6285dd33

SHA512
66ae9358243ef97124ea60c3a0f432efededbdf13ed25eec3a793fb60d05d5c7c2874e6e36605fda3aa781accd8067036d9e9ebc2fae54906c9f565ebf272725

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
b669661d3b0ced91467951d06c9f09ea

SHA1
c5b162ebaf6ab0d99e38efaa2c2fd9116135ad02

SHA256
5ea508d07f90a35f2ebd3d6ba614bb69220173e8ad072fcecc57725001d9a75b

SHA512
038094f1a1ef81ebebd0e46c9abb1f29fe7e3713e997974f2817436eea82239b8769db03a041f75827d21b7cc50495a51f4d7892c9cccecfa6132b4975e785c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
7KB

MD5
398d60e70723e2a57844769267188e29

SHA1
a14e9079f6ef817a3e7f83c00f26a74a85616e80

SHA256
b09ebb7841932647a6a5c10438e4cfc1f2f44854cc9430a14d722532caf30cae

SHA512
65315a14f49b341d3ee23c4c1fa6f948865bd141b0d46de343a94643dcc39907a43044628e1ce06e9325f38b404110aab8462fc0bebac3ebb5c15c738a9c131f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
b86fdaee57be95552e2ee9bab125f932

SHA1
eb954bafe5195fd60806d831673765ec7f861f32

SHA256
795f63c54aa7a2c2ec1fca53a445d7939d12e3c9eca5a40e8316a702c389084f

SHA512
df2435c0c459296d2128192bb57d57f082128144067d782fdb73d44511e88279bb8b3e55aa479526d97b91f72183990a08c4e5a6206b37184181767660073737

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
fc0d0d78a020d08d9f342a80dd3ae8cf

SHA1
e995300a1629b768e9eaba8e093415030cdb8b85

SHA256
f3a93d5dd894be458dacf9f5ddb754ddb73914470d566886f4239ce48701b18e

SHA512
8cfb6dc5949ffdbe9caf063e38b8f076d78103c5ad6ab1a5ac15566bf9cc92c25d43e4261134d1865b3c73a9577d25ce50c8120a2943ac21d411852332393707

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
e1a7b41e3fc08d4ab7ef58c08be75cd4

SHA1
68d28c5bbf320d334110045dedfd6f2c7e026a23

SHA256
fd4b5fa6e4c989e05966152e0aaae68716fb91cbb1154514b71940961d5a666c

SHA512
a179a5dea3272d96a9aa4b4cd098d3d5db6abb088b9a53863e84ed1d2ff63b986f466dadd2f209d5f4aaca35352b3d6596880ef34113ff773320da7c4528013f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
0b9b4d9051257e94917d712779035f8e

SHA1
74f990ec53adab4ca12f2901d5e60a83a025a9af

SHA256
2dca4f8a292e75fb65aeb5d6a45fc82194504c6ddf8f97d494a92af13e797b6b

SHA512
62b4e97008f07d7127953a1dc7c7812f39369cf4c8290acef92749158e9c8506397370e3b96e92f7f556af9e398a567684e111360dc526439e64b1387bbfa2a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
03fce21b0c48410db68802b24d9c69e0

SHA1
ae1e93b4dd263610d721ec9ee71a07b2ab690f75

SHA256
c21889c51cbace0e1c0ce92ee90a39dece1c71a489ee9721a654eddac6f8afc2

SHA512
6835acce30cc7a9cd81c8d54552bd51ea68b208aea94e9bce66be7c9c9b872017733e745abb7cab977697c1d80e4e092ebedb1f529cba19d76d5a50a11588f9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
c74201230b7886539048d24fc5ca921a

SHA1
a35f39a77af400c5cb9b1e20e4bf443533d5a09c

SHA256
4bf691e1b4f5001a4b4d39366b9cf652cef6e46948259d66ae67de33cb42815c

SHA512
6a7dc98f0d0d14a2ca1774f0f4fa658096cde9c22c3689799390bf2fb02df3312fa162fc36ae784ea3beffd07afeb3dfa25d0c5170a7716e3be5b04a267804fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
1d1c39fd31e88c65787f27909309e1f3

SHA1
b01cbd81e010e6b495ac822ac8ea350e5b0454e3

SHA256
43e104453f12d5f0abea3d36dbf6455d51204e7950831eb970c48592a6c5a58b

SHA512
a21f665c08a934c7fa14c0fc4688a28aeb3664c1922badbb57cb37c52776343e09f2691c1d5672f60554e6db6ef156fbd8d34dd5c632eb9f5de1d0c2a8fce71a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
66b4d6881c27464ac38c686480edf5d9

SHA1
b9d90307990593473950d054f869f0835f0169fe

SHA256
cfe3c48cafb0500d909bf961d8ecc51c80377338a796e1c26b153a41e341976c

SHA512
4ba9ba9326c242c33ea23ed53b57fae86037195d7c199e285cea1c3d86583815989bdbb9e1f96c8c4ceae4f8da7c02f1ec6861177c43780b580a5ae68133a42e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
358bbc3429e1bd3b04b1d75b7ad3489c

SHA1
319400789b905db0a3a75bec9c160648614af601

SHA256
ffa6e187beb3e2c71b09f8c824cfe9ba1c222aef9dafc8d514ff1411c81015b8

SHA512
b24d983f7e00aa7e5bfd1d510e964c68a6a4b43eefca54bc0d56f65aef2fd8845f875533487b8dcd5f95d928ca89283dde96a133124e7032c234006c2fed8d06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
354c0d66e495de5eeffac3b75e1cf444

SHA1
a407258e57f7e64ad7478195b81ead95c2cdb5c7

SHA256
b6c4a597fe6bcd60bb4f0423b44261618375c72fb7ec2014c006a7b2af9519e4

SHA512
37007247d870c95ca751260ab3ec3e25c573dc75f03fd40a2eb2f509eeab1f038d5ea3acea659248eb0a56d5c2bc59befb41d2d2958b7196c12238ded94a8b71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
25f783977fe52b3e8b79d98a3ec0b625

SHA1
2208a83d1127dd026b46338cee59a56643454f06

SHA256
26f196f142d8736cbc1c4f3fc247533a56746a0b3c52f9993c7d156f107c8811

SHA512
0d15de2889c2446cede6244ec9ec9368f058053a746af5e1cea5eddcc0f57052ccf1061472a2a0fbcf26802a88eb2f6451a675379343af7861465fe63a88440c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
d4df69111e687ca6886771705601c4b2

SHA1
a6aca6e32865a3cedd22a0d5c040761587b66efe

SHA256
854371bc651a537d60c3a3c817aae7600715cb2e99720e27efe87385f8be9d4c

SHA512
0676d2e4cd1f67f8d9b8bc7eacac5a16c6be0db6375f8d40d045224a661e8f673354a683adee5c1543898758cad0a8fa02f713d624e8837fb9d9e4f7a9cf56b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
6af94f179a9b282b8d8d852d6f6ee95b

SHA1
dfd9ba1316f430ed417432cd92cc29172b23b8b4

SHA256
605d676e77dec03bf2ed34b585d5873d481839e1ab5104a93e81b816ee37237a

SHA512
ca180e677edeab054206d634cd315867d316c6e09012dc4fddb70458a7f73b63738c3166621de7cf4600499a6a0d320e503f3362489aa68eb0aff5c8701dba39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
eb1f9c24e94cec0b3ed8e90210168814

SHA1
9ced34d6b98061de860a20a05638341281855fc3

SHA256
20ddb39a23f51172745d10a89a15af9a7e06e5095746ef0270807891bb3abb35

SHA512
92c087c395e05d1ada30da772425373b292a7ea2997e002e4766157816aa977861e7f061f33a408ae43cc1216376d7dc2f838f6db98d67589579629bbe5be49e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
7c5b9de05b0770c872bab5162b10d156

SHA1
b18681ab4c5fa637b674a218df8989cafd0717d9

SHA256
d76ada8afc2af3a0d0bf506f749487ea32263af4b09ab3f86679915f2fba232c

SHA512
89a562f98c76a229d51f84a2526275f2b473f98289a26ed1f3d01310526c97cf8903c75522d1821e1765223d7f1c8e9fb130d28b6172388503ee51392f1ab0ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
b22651697d85a4d0651045c44e3826fe

SHA1
d0e34e0d3f24096a8f94c00c173ea92e227924ca

SHA256
44acad625fb212f7518644bf58a0c5bdcdb239fb6935f5337ade865b3081d5c6

SHA512
a2b6800998f43a05f23b1f17e51115284d6fc483606f7172045f4c89e9c7bf9c880b116016b9f5dd379229d0af0d3b1b63cdb5082d077114de5e05c7f3dba46f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
7bee63a5ec882983a2db1d969a293228

SHA1
3a4b60d691539db59d306c9829c03ebdbe59e80a

SHA256
e6f16a474ef94e6075c213cbd7b20bbe2cdf66283bfdeedad810ac702d8112f1

SHA512
93f907b054be89b66132612def4d0c2e60a736158af8ca1dbe1ece014534cecfd827f1ac3bf4c6c744f050920945da698e32532389002d976efd598980129dd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
dd34a6e4f258827385777d605d708291

SHA1
077f7f83282f28dec9c02039005dc6dc5683c31c

SHA256
dee67cd8a1f6099f1b551edf0d8e89b389cad89d6cb5d2734f007ed62e06d5e3

SHA512
f210ca504dc95005c4f8ea8355ce86eff8fb4bd44e2cf0e88d649fc041b6d2c029a0b7d596361cd49264d51f7bc1b0bb8384424f9b28e188f8ff54b7725a09da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
1f0629f3cb47ccda659a6a1d0ae46b53

SHA1
fc879d226799dc5b56eb46491d8aac86f6ee8a70

SHA256
30592b5f127f394071103f3f6690310c5232e2b2e6d996aa0c17e8a1e6a502bc

SHA512
877c4f9e01c0f9d8546c18a7ec6a346172d70a9aea751986f28f6f852bf7921740f3bb97800b17c8059edcb464628ffff40d409ff136687b4363ae777696ccbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
1a442380efa2975dac655f3c1bdce730

SHA1
8e1112508e5d012a29a3ab62c2508d9175d4b2a0

SHA256
5dc19b37f69fd60137295bf45b0cb831901e5a3e10bc35f71de7979efadc300e

SHA512
0a2eb7921556731a1ddcbb0b1bd2ce777b6e5336727229dfa634a0636486d66e6963bdcb2a1677bee53c634198e32a1390755c88c070ffa2ab56499a0a74c6b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
d385bb81c154a82eda13a8e4ce617443

SHA1
528cc4e852aa12805cfabeeafa205b91f6880021

SHA256
fe11e46dd05dc00a7582fa894af3e39ed1435849673def9b60dba04204c7b459

SHA512
a57dd8e5edd38bec132b6cfba78654b6b2a14935a23fb23c51763e1c3e10ea00a107b3a09491350cf4188e2d75c1c675fb27f5afc9fef01d7f823491ccdd687a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
a00e1fe8d52c7c9647f3ae9d28192a32

SHA1
bdcb8d7048ec6712d56175867478e079f049c08c

SHA256
807d4ff4e810c72dfddbd297cd21f7f11516ab8f68581b42f02fa33aa83138bc

SHA512
af0b4cd168e5c10910eddc9606fc70c492ea53908957143f1ca0dfcd1883c0420be0587a29d3c32173665338f3a7934ce047b99e3c10b6be2a2db21176807670

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
46833b1aef5eff70d68aa1335e78eb5e

SHA1
c3a55a984dd051507531c61a47040c2440f119d7

SHA256
9bd06fbed5ccc981a007a99eb43967f430f356d0a1d47fe882192bf0f1046a6e

SHA512
768c67188369670014efe4edbbdc071b6ec7fd5888410d694b32b6aad0215df04027d4fabf1dc50bda4eca997a845b68c15876bf1faccb4d5612e086614b93e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
f9826fd7516ae0752217182aa54b54d5

SHA1
2e6d7db74f1f269412c098198c22a91c6a72c60c

SHA256
05be807c54bf04536bc47c9fbdd81ff9062e46920231c1c192452551a7a6fe71

SHA512
b0f6cdc11782f7754b437e1430af2dd38b54b1649b84b6297da0cd3951b568ad27829f8f279142c72b2860f0f63d34d53fddd82fb1e1594b1d413b565a5c6f85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
578c3f549e4339a50ca61038987ac3e4

SHA1
c1f7e1970e51a4fd076c3cb0eb22f7db62f4c632

SHA256
a3cd473984070f59641db31b2f899e17d5cadb85d86561fbd7f7e49219a46ea4

SHA512
5e2482f636a6380564bc6ca647f9d5d0b914eee8dfa6efb8c8a9eed08e30d52777b20b17f3243aefbf1e5288be45bb4f077322cabb58fc537dfed668f6236a90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
54e1be8bb8bbc4e2b97e412c2749588f

SHA1
56d0744e150925b68b4fa2527e8707e5e12b50c4

SHA256
a40df4187cfb2a30d8b7a0e632045a81ba280b096f45978e09ad832b8a9938be

SHA512
917edc23ca6a48089fa920bc47aeda2b373fde5b35ce3a4a1f874e09e1131a4ffafbdd15df0f910474bffd0761b3192cc984af5ea8783eba07bf5d29510bc815

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
36da1dd1d086133f1e72fc4857166950

SHA1
db30a7f25e690abb00727de267cd8344299f8685

SHA256
415f390de6b1dcf495d494f2d42f02d249781d3c8eb9362913e7d21c028c9e6d

SHA512
d209d92e94d1679d88a14664d51709d489657047edca1ebf44ea027036a5b0273aa5a23c1f25bd0e59c6d0b59e3d23ca62a15b4776e45856243fcaf265aeb7c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
9956c4a3b8f6cb31ba5e1de427988e2d

SHA1
c345d6b6039dbdbf680cb2e2de80b757bc59cd5f

SHA256
c0d40b053c56615cda579c47841e35338067126f4f77555b2bdb859a378f4ead

SHA512
f5ff444c66b933e9d2a31db21047a647fff9dbdfc37a68955bf0e101a59f676bc677b42ccfc511d5c4d27f74a27619481ea1beb7f6abdb52d85d4782969df669

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
abef5eb7b2bc0b174228909cff338759

SHA1
77898724d3920dd6d8240cd84f681c26721fbd13

SHA256
e5ce4ecdaab32b27fe53da1c015248b542cd7250ff938fae04effdb30cf78588

SHA512
6b61ef1281ce6b94790dc80c647c9a6e8a9447c020f0e7364205db37a9d991e5256d3272a713e1827985ca48d357eeea694ab829f861d1931ffab8614482294e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
5675afbf49b900f7dca3b4630f2e89f1

SHA1
b902b4770d5d34d2f994fa146af8082d118b04a2

SHA256
e52dd08a8b8885a62f40a5548f2eeaece3f40d4584f034cd37759846ee924af6

SHA512
3b9cd368e049d393b4b1459e4a4a86ff491a20b18033edac3c6a1c71f74b3749daf46f8093b8e1411767baffb5f2fb81cd3ae384b7d9341011d345be01cde2e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
261ef3948a3445210b0aedb586a75ced

SHA1
c93061eb49409586baf2a2fd56e4d7f14c8b327c

SHA256
3e055b57ef0099bd2963ca7b79d41b02c7a8c839bb7071a7a19c59a541c00018

SHA512
edc5a88d1af75b87bbf54e699cf0723ebf75dc894ec212664ce6d72f1080185206f3ea9ece335add13bf248a7d3fce38a1df8bf926510f6c3fecf983ef94c5a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
a6d186f661efb298e600d3cfc899e303

SHA1
0d489c1d99f36434819795fbf2c8d55d979fa95c

SHA256
376a417c3e0f58272e31cdfeaca9fb67d78fdb369eafaf8292fea4ffacadb2e6

SHA512
21b57e7ffaca1db8ee70f0db0fe5d09735837fbdf0404459ebafa990634f0d57cc76014b1e4560ab99b4057858a7427400f4c3692631ab98b7ee74c3498b3d7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
907B

MD5
f25062cf2512d7e3f37b902190e94fac

SHA1
3d7fa2ad0fbe00934c985a5f52abd45744ae287f

SHA256
457c20f4b285c8bc939623b44ad7bef67c24bcc9e4111950143aa8b87d8587f3

SHA512
2297b79c472c4ab4e208dc436ce057594315ab727b2b45c8a43f4ee00ff4d0f83fe438a2f7f62c01036d05b1dd0bb40c31f37766e0b5491c1b2c9c02e73c5add

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
8KB

MD5
8406d2aff88ef60c5a9d3a8f672ab983

SHA1
0abe5dcbc50c19c10b3876bc0080b502fd4bfcdf

SHA256
f1fee6500bb2e887119f39663c63cd40de3ca8ef44793ed88f2f05011f7d7f1d

SHA512
b7f5774d9d25e900c114731e2acac3e1d48168079127a5d5bb5841a2ed304694ab021ee132a8f6de30bba9228e67aa9e5b0b4d98335ff0ab3e5a1d3dc30b9192

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
24KB

MD5
95361bb0554f63b966f6189425b656fc

SHA1
5414ad45786e5c9c9e6ff763adc24fa9eee49d67

SHA256
5ee63849ba5c4045d8523d4dff83395c3b39dbcc55677ace47b320dbd6fdc189

SHA512
89753509407e39b7fa1b50f77d20e34eb8e26568477e3603d08eb774875d126029bbf5b47553e72962607c6c505cc80127bb8ea31e0e2a50511d2f1576f43a31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++mega.nz\cache\morgue\57\{fb5383ac-89d9-45b3-b670-339ffbb7c639}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite

Filesize
48KB

MD5
7164a153fa618a0db5533d45c2b1dff4

SHA1
858765974f895844df8d7af8fccb8da13801f96c

SHA256
5389ceab38b506c6de00b5feb51242c13b5ea2c88a3cd44192c160b87e265485

SHA512
5b87b4e1a29bcc0bfcafd8437e32a3d36f6c700ba6f566d7bbbaf1dac21b58f40de1e7c9a9aa4c1d7b8426f70cc211ef33e125c3bf9e29f1a295eb8d05d98adf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json

Filesize
215B

MD5
362246bf7b7acb02b8b6ab62c4b18fc7

SHA1
d171fff3779c6228917423caab154d84b19d6ec9

SHA256
a9bddc5efdd4e2b436fb7557646afe419e231b98b1725673ba8d7950473d0f8b

SHA512
edcb0dbede5f85975beb74450a2d41d4c16d930aa7e6f14c3b48455181211cb18cbd50498f9d292f3a7adf1d8895d4860707cfe1c2d4adaeed274980ab87a03e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json.tmp

Filesize
139B

MD5
746641527af388096073f90326f2ca08

SHA1
e5d8a30a4704722a5753043ff2322e72d2fd1499

SHA256
1b5dc479f3d46dda19d2be43427be3e6380ce9c0555d748cf25d4eb5c24798c0

SHA512
8f5dd090147dbb97d6924e579d9dace4812ae132a7854c230fb5ea3cd894fd6db552a9877a76cc0fa961d330ed54291f80f618572e794afaa8aad5abc851f0e2

Download Submit
C:\Users\Admin\AppData\Roaming\SystemInformer\settings.xml

Filesize
29KB

MD5
6342da3289a788ef5017d2bfc5f96160

SHA1
a3a5630bd908c053a2cec29013c5a78ac12c7871

SHA256
c6edcf1539fc8f909f1c813e276e3395fef4e496961c53c62833ed7cd6f2da4d

SHA512
8d1aa341915a2e247b4abb011f62cbaf4195328875b02f4a248a95ecc28f2807ac0568ac88fb906e3dfc744652cd6a3fc5b3367709cfecf02c5464f9ebdcc7ad

Download Submit
C:\Users\Admin\Downloads\3gH7gsER.rar.part

Filesize
79KB

MD5
42e75638d3969c9d1e6b1fe5bae02ee0

SHA1
f3d2982ff4a3d9335de4586f9ae6a65e09e4ed98

SHA256
7ec52c05c086799ea24514fbe6e3ef6c35e65e66cf4a03a890447f32219c58c3

SHA512
493455b36eea7b354bb658a706fbb7c5d529a01a9d8847b79b7779b5598cd89ceca4d0c2b4e3b8fb71d2da92feefbbfabff04bb7858a9235780df27a8e9ffb5f

Download Submit
C:\Users\Admin\Downloads\stereocord\stereocord.exe

Filesize
229KB

MD5
93cb4256515db89ce22002d8e5892ee7

SHA1
8d944861ee6e10ad49a0b592969f84ef19c1bb88

SHA256
03f6a8c7682b9026d19c8f6dc162aeb77a8ca237d9fac278114ef7f33cded978

SHA512
ded4ac6d026aa35b31e9bf0e8bcd91c00191ee828b92d183be4e62634fe90f36db4e7aa3f730d201a986f5d34f8b277f6052dcec1c1bcaa839cff06be7bfbd46

Download Submit
C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe

Filesize
15.1MB

MD5
0d909a4a638465a17bc9f37c5024e574

SHA1
eab2bc1ca6ebfa17b95b8cacebcb04043238164e

SHA256
a82821a4c18ef940354b84cd625ce0fd8ed5cfba5418014063f054071bd5fccd

SHA512
5ca49bb16ef39f1cd7914a083f50f71099934b29baec7a813db16bd89ca1407912e135be7fae9260bc1513d722dbcddd5e841e50cab08f04eea0364f1ccbd324

Download Submit
C:\Users\Admin\Downloads\systeminformer-3.Oq24HQGe.0.7660-release-setup.exe.part

Filesize
63KB

MD5
e67cd84a09b80fb953c88e90b5710fb0

SHA1
81fecc6cbbd15d4ee251a27270ae2630c0e0ee90

SHA256
11142bd714571661b9d1428c8025fb6af24a0d80d0bb582c411a36b34c109bf1

SHA512
eac702d22ef79f3ea83786cb2aeecad475f2a299cd10c073ef9102d92999275f5325cf5a6fc977855cf6e53ddb33f5edf7ca14930fa817a9c9e854b4027eb154

Download Submit
\Program Files\SystemInformer\plugins\DotNetTools.dll

Filesize
203KB

MD5
56421d2865f0d3c710d234a3c556d7bf

SHA1
b78b8d0799b32a9064471fe5ff058477e2460da0

SHA256
3546ede3a7a85f5cfd74c473c50bdbcf19c48310503fb38937e082bfdf998be1

SHA512
f91619361495f7b247f3ad07800af025ac63deb5e36c1f81f9e37d1a4c9d44da1921874c0a1528e4dfb88fd1992c1c4daea8e09c5c013c23c17b150c8d55ea92

Download Submit
\Program Files\SystemInformer\plugins\ExtendedNotifications.dll

Filesize
155KB

MD5
a6298a0a586067279a5334b9337d1034

SHA1
ebba80db97b6457bd1adba783ced4493360b39b2

SHA256
d111eb9beb8e4635b87e051b47af97c190cc1f8d0cd7ad7f1557762f9a43b863

SHA512
dcb64076b7be0447dd65fa229714853776b45dfebe4a3c748389064abaab5d41de3334cd4ae05a9501f57aeb35e724fa29d21b7cccca1a31634408da77ce00a4

Download Submit
\Program Files\SystemInformer\plugins\NetworkTools.dll

Filesize
623KB

MD5
ceed1b510d002839b9a9e40c1253ca80

SHA1
6e5054bd2d4bcd9679fe5cf38c245d1b04975c18

SHA256
269e630ec4760651af16939ee462cdf384e9aa6293082b6fdf164abbe4a64790

SHA512
15dad48bdc567573636e3092bf17de2c8f31ead2bc785b8ed693387907c34843a2b84ff2282dd3a076cf48604516b499d4487d819b9647fbc3e11e058fea9576

Download Submit
\Program Files\SystemInformer\plugins\OnlineChecks.dll

Filesize
215KB

MD5
e20b9986cb01302bce63059bb83cf544

SHA1
55d453b20ab9cb29d4553212d897a3c558ba9c3f

SHA256
8bf52b4d8e32e502f11f1a4efcee33930a3c338dc506a9a0220cdd5bfd808557

SHA512
57531957bae5e8bf89237361ae2b6ea1bae56ed7f37786e4fefbc28a664903ade6c0672bd287a22005693a59c29fae9454bdf0aa6f46b3027cd266ec4bd2a888

Download Submit
\Program Files\SystemInformer\plugins\ToolStatus.dll

Filesize
407KB

MD5
f40b030643d4b2c496851f8f4a88f0c0

SHA1
2f99c229466e8b9393d87e9e3bca8cb2b666334d

SHA256
1f5fdd373022a7326b606024de4c9887adb4a11c3316cf26e1ba8c735fc11bef

SHA512
2b55e43e7ad24cc37353921f681319a1369b162abc5ca72b754397025c6d94d4d9de6c51a8e174797c83a4b699a007bece9671b86d56895fcc0d5fcb102ddbfe

Download Submit
\Program Files\SystemInformer\plugins\Updater.dll

Filesize
179KB

MD5
0458698493e55a2fd790fbb5b9622cda

SHA1
7035caca22e5e6442a55099d6e58d96e3759d9ee

SHA256
3be34e2090edaf01f832ee9bd27ea52c576e9d11ffda2728af336869f0c887e9

SHA512
b0c5e3c08278243af6e5f9cdfe3cee5628ec4420fb5d01514ddfcf9e2a0219d00a90a6588ee4c96c247ebef9f5e7b4ef8cca7b673b54183005fed51386e7281c

Download Submit
\Program Files\SystemInformer\plugins\UserNotes.dll

Filesize
187KB

MD5
2199d7b465f79bc686c96df9f3211d43

SHA1
b8914fb38cf41c68b0c233898967fb8669a57a94

SHA256
49a8bcc83078e8290f7406cb27b77e9c24ecf1f91e50ca756bf776031dc72f48

SHA512
840eed353fe29a70d7d7b444f6bd649471a6ebea335453f1e6d35d19782c82307241e2c333dfc282e6ebbfc83bf3c6bbcbde93502d95c6068ff10dccadfac30d

Download Submit
\Program Files\SystemInformer\plugins\WindowExplorer.dll

Filesize
215KB

MD5
f33adb4807118a494631475860bd8a66

SHA1
6bbc6e5914edf92839cdf7421a9e231f9c3e1a9a

SHA256
4f6141e419cdbda14137336c78492cd21a1c00e61e7b3e7ba646db4995fe678e

SHA512
3d7403737d1dfafd49b59566b31bb9e5ceca73685d8586c685eeb583626201568efc9ccf3a952106bd2ef585ae979f9af9caeaeaf4c5c89fe740105397eb0f90

Download Submit
memory/312-104-0x000002AA6E170000-0x000002AA6E171000-memory.dmp

Filesize
4KB

Download
memory/312-105-0x000002AA6E180000-0x000002AA6E181000-memory.dmp

Filesize
4KB

Download
memory/312-16-0x000002AA67A20000-0x000002AA67A30000-memory.dmp

Filesize
64KB

Download
memory/312-35-0x000002AA66BF0000-0x000002AA66BF2000-memory.dmp

Filesize
8KB

Download
memory/312-196-0x000002AA6BD10000-0x000002AA6BD12000-memory.dmp

Filesize
8KB

Download
memory/312-199-0x000002AA6BBD0000-0x000002AA6BBD1000-memory.dmp

Filesize
4KB

Download
memory/312-203-0x000002AA66BE0000-0x000002AA66BE1000-memory.dmp

Filesize
4KB

Download
memory/312-0-0x000002AA67920000-0x000002AA67930000-memory.dmp

Filesize
64KB

Download
memory/3724-1283-0x000001FD6AED0000-0x000001FD6AF10000-memory.dmp

Filesize
256KB

Download
memory/4720-80-0x0000021413D80000-0x0000021413D82000-memory.dmp

Filesize
8KB

Download
memory/4720-173-0x0000021414D10000-0x0000021414D12000-memory.dmp

Filesize
8KB

Download
memory/4720-129-0x0000021413B10000-0x0000021413B12000-memory.dmp

Filesize
8KB

Download
memory/4720-133-0x0000021413FE0000-0x0000021413FE2000-memory.dmp

Filesize
8KB

Download
memory/4720-131-0x0000021413FC0000-0x0000021413FC2000-memory.dmp

Filesize
8KB

Download
memory/4720-75-0x0000021413D40000-0x0000021413D42000-memory.dmp

Filesize
8KB

Download
memory/4720-153-0x0000021415900000-0x0000021415A00000-memory.dmp

Filesize
1024KB

Download
memory/4720-77-0x0000021413D60000-0x0000021413D62000-memory.dmp

Filesize
8KB

Download
memory/4720-171-0x0000021415F00000-0x0000021415F02000-memory.dmp

Filesize
8KB

Download
memory/4720-64-0x0000021403700000-0x0000021403800000-memory.dmp

Filesize
1024KB

Download
memory/4720-148-0x0000021415BF0000-0x0000021415CF0000-memory.dmp

Filesize
1024KB

Download
memory/4720-135-0x00000214143E0000-0x00000214143E2000-memory.dmp

Filesize
8KB

Download
memory/4720-154-0x0000021414AF0000-0x0000021414AF2000-memory.dmp

Filesize
8KB

Download
memory/4720-177-0x0000021413F20000-0x0000021413F22000-memory.dmp

Filesize
8KB

Download
memory/4720-127-0x0000021413AD0000-0x0000021413AD2000-memory.dmp

Filesize
8KB

Download
memory/4720-175-0x0000021413F10000-0x0000021413F12000-memory.dmp

Filesize
8KB

Download
memory/4720-149-0x0000021415BF0000-0x0000021415CF0000-memory.dmp

Filesize
1024KB

Download
memory/4720-169-0x00000214157F0000-0x00000214157F2000-memory.dmp

Filesize
8KB

Download
memory/4720-156-0x0000021414EE0000-0x0000021414EE2000-memory.dmp

Filesize
8KB

Download
memory/4900-43-0x0000015EBAA40000-0x0000015EBAB40000-memory.dmp

Filesize
1024KB

Download
memory/4900-44-0x0000015EBAA40000-0x0000015EBAB40000-memory.dmp

Filesize
1024KB

Download
memory/5980-1165-0x0000000000BE0000-0x0000000001AFC000-memory.dmp

Filesize
15.1MB

Download