hxxps://drive[.]google[.]com/file/d/15FTrCRoDmx0Cj4ogb4FgqSa5weMDZ5yX/view

Analysis

max time kernel
189s
max time network
190s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-08-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/15FTrCRoDmx0Cj4ogb4FgqSa5weMDZ5yX/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
3	drive.google.com
100	drive.google.com
101	drive.google.com
102	drive.google.com

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 202c1c8f55e5da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\OneBoxLoadAttempts = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = d0bd93da82feda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "752"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 3027713e23e5da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a5f1f82923e5da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23"	MicrosoftEdgeCP.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Vanced Manager_2.6.2 (Crimson).apk:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Vanced Manager_2.6.2 (Crimson)(1).apk:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Vanced Manager_2.6.2 (Crimson):Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
6228	OpenWith.exe
2864	firefox.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
3952	MicrosoftEdgeCP.exe
3952	MicrosoftEdgeCP.exe
3952	MicrosoftEdgeCP.exe
3952	MicrosoftEdgeCP.exe
3952	MicrosoftEdgeCP.exe
3952	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 33 IoCs

description	pid	Process
Token: SeDebugPrivilege	360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	3196	MicrosoftEdge.exe
Token: SeDebugPrivilege	3196	MicrosoftEdge.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe
Token: SeDebugPrivilege	2864	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3196	MicrosoftEdge.exe
3952	MicrosoftEdgeCP.exe
360	MicrosoftEdgeCP.exe
3952	MicrosoftEdgeCP.exe
592	MicrosoftEdgeCP.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
6228	OpenWith.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 3952 wrote to memory of 832	3952	MicrosoftEdgeCP.exe	77
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 996 wrote to memory of 2864	996	firefox.exe	82
PID 2864 wrote to memory of 216	2864	firefox.exe	83
PID 2864 wrote to memory of 216	2864	firefox.exe	83
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84
PID 2864 wrote to memory of 428	2864	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/15FTrCRoDmx0Cj4ogb4FgqSa5weMDZ5yX/view"
1⤵
PID:3336

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3196

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5048

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3952

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:832

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.0.2084510156\14382214" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62c9141e-eeca-44d0-bb2e-53ac5d6b6ab6} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 1764 21d693d8b58 gpu
    3⤵
    PID:216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.1.325231870\1699387083" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f24536ce-7d31-42ed-8568-67bcd0f69ecd} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 2120 21d5e372858 socket
    3⤵
    PID:428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.2.252358814\1679799801" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6500ee3-db94-4ca1-9fe4-02b11f741a3d} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 2816 21d6d594558 tab
    3⤵
    PID:1180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.3.101766239\1048148274" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3544 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {071db9aa-5443-4343-b18d-a553d56cb056} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 3560 21d6cece858 tab
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.4.1320148294\1023581069" -childID 3 -isForBrowser -prefsHandle 3736 -prefMapHandle 3596 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8e172fb-eaa8-4023-a340-a8dfda08423a} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 3720 21d6f4d8b58 tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.5.1205965116\1171393176" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4864 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f75de9d2-85cd-4504-8a76-76c9b3f070b6} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 4872 21d6dbcd658 tab
    3⤵
    PID:5860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.6.1299787001\1081484714" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b1af683-6070-4c3c-bac4-a86d6cf25859} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 5004 21d6fa27b58 tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.7.272272379\1005599703" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e7565bf-ae93-4223-99ba-33c7bdcd2e2c} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 5196 21d6faf0458 tab
    3⤵
    PID:5876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.8.860355289\969265257" -childID 7 -isForBrowser -prefsHandle 5664 -prefMapHandle 5648 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c8f9ae4-db33-44e1-9ca4-628f29f2e7ec} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 5672 21d70e35758 tab
    3⤵
    PID:5848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.9.1910583277\2072956584" -childID 8 -isForBrowser -prefsHandle 5704 -prefMapHandle 5876 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb33141b-3a4f-4692-8adf-bd2a550df266} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 5664 21d71008758 tab
    3⤵
    PID:5300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.10.1613123924\2123097581" -childID 9 -isForBrowser -prefsHandle 2496 -prefMapHandle 4692 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5db7f869-71f4-4280-8f75-4f7c9adabd10} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 4468 21d5e361358 tab
    3⤵
    PID:6332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.11.753316287\1980216181" -childID 10 -isForBrowser -prefsHandle 4680 -prefMapHandle 5660 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ab09602-0a9a-4935-9205-0fbd1a76aac6} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 5552 21d70e34558 tab
    3⤵
    PID:6756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.12.1339909413\2011732948" -childID 11 -isForBrowser -prefsHandle 3436 -prefMapHandle 4564 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e86876ba-0c91-49c1-981e-73ed3dee47d6} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 4408 21d6985bb58 tab
    3⤵
    PID:3612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.13.1731345492\1245737192" -childID 12 -isForBrowser -prefsHandle 6448 -prefMapHandle 6452 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eecb896c-8f26-4091-ab02-330e6db19502} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 6536 21d70f2cd58 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.14.1531983419\811901785" -parentBuildID 20221007134813 -prefsHandle 6772 -prefMapHandle 6768 -prefsLen 26864 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f242496-6058-41a2-b22a-e020441aeb98} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 6780 21d72e83258 rdd
    3⤵
    PID:592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.15.239732349\313920176" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10728 -prefMapHandle 10732 -prefsLen 26864 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65a3574d-0fb5-4051-ab59-4cb60e32bd59} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 10716 21d7311e858 utility
    3⤵
    PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.16.812533006\1553913387" -childID 13 -isForBrowser -prefsHandle 6380 -prefMapHandle 6400 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa91d62d-e150-4a1a-93a7-5d952c11fabe} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 6376 21d758e2e58 tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.17.1952403858\1322012851" -childID 14 -isForBrowser -prefsHandle 9752 -prefMapHandle 9756 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6fa06a0-39d8-40f2-b937-94dc7b8bb663} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 9704 21d758e2b58 tab
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.18.1035328187\1926653122" -childID 15 -isForBrowser -prefsHandle 6464 -prefMapHandle 5372 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6bacae1-f085-4320-9549-366d55e586f3} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 9892 21d757bb658 tab
    3⤵
    PID:5448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.19.55094678\1338926197" -childID 16 -isForBrowser -prefsHandle 9896 -prefMapHandle 2640 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2133323c-f387-4a5a-a777-ef10b14067a2} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 9704 21d757bb958 tab
    3⤵
    PID:3664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2864.20.2083642417\1057146481" -childID 17 -isForBrowser -prefsHandle 8928 -prefMapHandle 8924 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ecc044e-f2c6-4ee7-9cad-4054eec682a1} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 8908 21d76e08158 tab
    3⤵
    PID:6220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5432

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4332

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Vanced Manager_2.6.2 (Crimson).apk"
  2⤵
  PID:6300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Vanced Manager_2.6.2 (Crimson).apk"
    3⤵
    - Checks processor information in registry
    PID:6316

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6944
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Vanced Manager_2.6.2 (Crimson)
  2⤵
  PID:6984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\20552

Filesize
8KB

MD5
60fb7d480763410fb78111c6c7a6bb87

SHA1
5b2678710b53986807ba98340f9897adc87fb93f

SHA256
3a563424c3315d1fa1102bc326a78b9f56eff8d3b3680099e24b8b7e2103aa0d

SHA512
e4e0be57261181f1df97a5269aec8836e743fddb725851ea62b04f527df80cc6459876d63a3c1416a7fb6bd4bbe041a66db86b12a8283ed5cb4434dc1e76232f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\22541

Filesize
8KB

MD5
47edd98e2a65a1c41f3a58647c571598

SHA1
303eaaeff40a7383aeea0bb51690cd2213ba2c20

SHA256
621040102ff9cc4f99e818154bddafe1d1a1f09e320d9c682747b762dc560c79

SHA512
1e5caa610996b27cbc9e437d9376c25faf07771a53fa6c69f5c57a5ffcf7da8d8b7e3b5ba3e49593a5c2b9a671b8d0aeec55ff97f2c051e2756bb74a5008db29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\23144

Filesize
7KB

MD5
569c351b8f3f57d30d7774c267388304

SHA1
e37834c8a4e4bf40c37190222d9d23f39dbdb67b

SHA256
88c5f3ca04e902cb067c2023ff0d48530ffd836868bb74066feec8defb4a745c

SHA512
f6209ec427912166755d92e8104229ef58cf939661f9477b4727a00bfa358b6b2aea38b6f6daa182769c54b81a629cd6ffe5a82e3cffda7aae40000bf84863fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\29857

Filesize
14KB

MD5
7e9eb7e0dfd5ecf071f6401defce2f30

SHA1
0377bd0cc75df623f520bbc2526a3c772e3c3093

SHA256
a729bf4ec2cd4c7b961c232c0e948569e064abe95a2312e8cf8eac0b346e8e22

SHA512
50729e721c7c740982b69e70a12d5671efe2a32fdb9ec8c2ebc790b0990c0b5fa4259abee71ef914901b44fea57e747720fca5b4034d9dd3fe558c30a109c6e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\2998

Filesize
8KB

MD5
efe2b29de55dc839517b93227b5dfb26

SHA1
30fba1521e37cef4d4688bb3c73a1669c7403878

SHA256
684205f5c28a480179a0d405e69df8f6528a9edeafce338ef3b19d28e6272b49

SHA512
675aa7bd7dbc7c59a75e7f2abecfaf2e18c605097fce302aa6033534034332eec7c696d15c3fecd92313e85ca191372ce522f53f73637ccf569dcaeacf9b7e60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\30223

Filesize
7KB

MD5
6f4cdf67953cd0067f671cf509858045

SHA1
d6459962c325c87179d0945275f0f7a8f5534492

SHA256
5ef7af8811e5a1c0b5f5121890ded08a769f1c5814b123791a950027b9343fba

SHA512
8f1b4091a750795a01bb18fd0be880ce77b72d8676d737314b634d0582c4bb34ce5292ffb6803fc181c64066adc752e23f14d12f4e0bc3ca5518d1e912b356da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\30994

Filesize
8KB

MD5
bf40c77a4d22840f35989f2f377f1bf6

SHA1
95b269254ed29cf2041ede4f967222b42c98d8e5

SHA256
d6b4e6593f5982684a57ebcbad4c9a55fb3f32221deccd7fc691549d747a6058

SHA512
3c958351320c588c50b8cf2454ad0de20395c12d062e06692fdd0308c79b6281ea538efb6185eed1eea619e2943187174645fa83e5d97b573e93c064dbe4c2c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\6781

Filesize
15KB

MD5
b281e5a259186d031377b75adffbfbf5

SHA1
75ef684f18b0a86dcddb2489f383c8d3f616a893

SHA256
bdf1a0a884210a234cc398a1f5267d2c61185a9ba04f77a1668c15a33fd42004

SHA512
63fb0510c136eab33b5bdc83a9f68813567fc0682715162c6aafeb6a01f3485a39b9ecf3e42fa6d4958c3b5b921c29c4b4b4463d404ed84bfe7728cbe95c0d11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\0A9D57E44BE726901CFE1427BDF51CA295532500

Filesize
131KB

MD5
6a1b71a4c12027e897376276c1a283a2

SHA1
0964515341f31afacf3b5ef2eb3990ce0a592de4

SHA256
3afc73342de86ccb7934c85e892a3dd5dfd1a4fad6853485e6c68a804158ba3a

SHA512
80715fc117ee5dc8311b9efdd7a728f873ceabb93c4893b9b6319984c6cb6184751ae0711d1bc1c4c231bf0df1ae20a0153d90cceb8721b2726e36546c46b084

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\265758A57862C39DEDE111BA7971C6AEB77F3520

Filesize
72KB

MD5
5bc30d1a87babd164f788e4452522466

SHA1
bae46100fb5688048de9a8841ed180d8adb48eae

SHA256
b32ce1341ba796e9889340327b221acc4d8688ec8a392a7f9b196ffc4c1d7fe1

SHA512
2d9893384017d1cf2234eb492585dd11f2bcb127718f079a3d0d3185d7f9f82a7a3345826548c4108873c0595a84a83441859fc507235308dde5132569936334

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\61901BF2FDAA0F33BCD8B51622062A97E0100192

Filesize
1.0MB

MD5
1c23f8f1a6e843f52ec544811c53dd8d

SHA1
f5528fcb8673ff05a2d5ae931487ec4d7e3b2ed9

SHA256
7a0023e154eb64194c90a11ef536c74d7e3b49139638c938f5f60732f9b5820b

SHA512
d50539c8fb729e63d987e5a274196e18c9042cde9305262e0723ec03d5fcf27b168b7fe9331e9759fd0a8b423dd1a2f11f2f314446baba09da50f1b99f6d466b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\7F398FD6CA19212A43741AA5945B76AD7C573BD9

Filesize
139KB

MD5
d279ae33a77cda6791c418a7e6478bc6

SHA1
79a7041d133e5fcd157a3adbb0c5c4717341a583

SHA256
ddc6f1423d291d1448ccd6e6d55e49e9c40f66d2b7ca6d3bc21fa8e365b74303

SHA512
34aa11d5cb5b003e0b1abec6123b46fb840f73b8f1b97f6deaefdf02099e46b999dd50cae0fa3a50d6f0171f253290942ccc51fe2f9c2255e56f31449a4264bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\8D77139E2E308DDBD3ED6E671FE242255D7366C8

Filesize
21KB

MD5
27a2ab948ba416563ea9841ad3da605c

SHA1
b6e1a73fae17df5994b0b4e4b5136d5bbca8bd56

SHA256
3cad2d68c683657bc5965f85a4d4d0655c0e3235abdeaadb80278a404845f748

SHA512
3caf5e1aafcb67444e9a695e7805aec234d1936c8c96c12fb6b23d59107e7682c9d6d9d103946a7b0ea03db41457e21aa60922f47354c3cf98c89365dd8438de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\8F675CBBF96455106ECD56A08EFD5D086C257587

Filesize
204KB

MD5
b6a150ba187aba5091d40a22efa4e2f4

SHA1
f95074bd3f5fead6d511521da08b57981ad8eee8

SHA256
f0451a41cca84b7135eaf2e5efc64fd2b03f1d44374ef191b098a229990ece15

SHA512
962c7bb8e6896b9d95ab82784a4a17f5522b691bab8a7492eaeb1801b1c54e79cccf5a6122f748ed58362097db170756b379cc2b19590a8c907de260d6bc4265

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\9CD83235EF45378CCCF5DE52A4F096B27C67EDD1

Filesize
250KB

MD5
7555c3137423a589805ed0fca024cdc8

SHA1
8ccc30c49bf12e4a4641586035636099e41cbf8f

SHA256
504b4385ea2294c0fafcd3b3e59b547d9cdd9f1ecbd623e05368b149bce1bd89

SHA512
b28ad9c9b47d825c0f7e608843629ddaf3cf3342ee352c0da8b9dba51285f5b207814e9a11be037484f5027120c5bdf7aa95d72601c1a5a6327ca185964461df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\AF679D5E6BB68F4EFDB88A9E0E35A11F12AE1316

Filesize
30KB

MD5
d99116901e9bbaa6a307ee4b9375308a

SHA1
1aad622aabf05ad8c7446db9e672811cd128194b

SHA256
5df0c56c3e39bc352b0e9533f3f8c68539ac4d0e27b157762af9aaf11540c00e

SHA512
3dcd6bc3ccff06142ba96c018888312c803f7358f9fe95a16914ab689ad65a95b9647fc221b4417cda1c66c9f4f8d09387f370238705c9bffdede33a6bbf94bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\E5B6B08CD82D19E3AFE06D208F9A7DDEB47D21F0

Filesize
524KB

MD5
75755dcf4786653950330311cf6ed622

SHA1
28744b6117f488a8e00aef1f8507d650e00fe5ee

SHA256
8366234ae528180b75585ebee1837c2f03a06d345f9903f4ef903817c6a69caa

SHA512
c0a84ebeda1ee815b38ae286c586299e4facd3f246ac552b7226b4a9d53dbc61582f11ed3e3d663dd162b2f50f18ea20756f2f7ffdc564849a671696234c3f17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\F20EF22E722F53AA402304C7327E36B653BB6BD7

Filesize
102KB

MD5
a32ad288132c7fa82e1ca5c3ba234c3e

SHA1
a427d8dcdd639cc7786535cb8642100a587dc0b3

SHA256
7081c70a110ca7cc09a50c89077b670ab36723c20daa6c427056cb6da5f6f2e9

SHA512
2ffa54de24517a8165177f36986e409847e8568c6a0648435254a69c8da5e47c4dbe0f4cbc066800a56cb52c1272074b1c9cfdf5fed997be49c16900a39f5046

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CL4ZN3B\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CL4ZN3B\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CL4ZN3B\cb=gapi[1].js

Filesize
206KB

MD5
01aca6d674132913ecbc9db2b2d9ad03

SHA1
c9fb646739e2ed2e18869867e3fcdd9364ff046f

SHA256
f41d574aeffffe2094c610397398b37da40813e31cded45f92037c49295f4d15

SHA512
c96ab1a80f2db279ea53f8bedbd1b2feb17c3ac7ff29181235883d78b065fca21c59c832b04bb6c50fc6cd56287f5fb7977a1d9a2dfb5c7ac45443d86f56bbd0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CL4ZN3B\css[1].css

Filesize
800B

MD5
70c68652f820a1f9bb3545003bb8af67

SHA1
91e38bedbf9024f34b0a3fd5211b2d3608ac839e

SHA256
133f0fed047d2bbf088f16379d699d60665ea1d8792c588fcb2c0d1f6d2fde7f

SHA512
a07bfd5a0c553ea233255956bf99d0a0ed10d0255d64d215193c8c8782572c40b710769b42483e464a667ae2c4a0981a2cb25238d0e0bbebfcc4a39ddffbb5dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CL4ZN3B\m=_b,_tp[1].js

Filesize
186KB

MD5
a387bfe4373f8bafb7c3e1f7a32c10c2

SHA1
c1c2f8fa561b4c918d18e7f8e1fc0c5c461e09b7

SHA256
88fe11722dd06573277dc7b0e522f379fee49cc15ae17081dc214b24c96caa02

SHA512
07a3129dfdcac73103e03588750fb220a8f34198455b8d64889919fc4cb16e1c0c6cc78b06eaaff6c580ce513b16861017432e73c777c16973fb04bbbc3f8869

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CL4ZN3B\rs=AO0039tDxhvzbw2EwUQWsR3gko7YtJzYtQ[1].css

Filesize
2.3MB

MD5
d481e32e6a57bedcd1fe675a8642e21f

SHA1
9239eb0e6d67a20beb53641013e9f05cf5a24bdd

SHA256
5be98894bf7d355b23cf93bd4b2788d6376648712fe39f4911b8862b1e88db90

SHA512
f96bd0d8469a39cd780bedea1f7e7ce5c95b908961103f16e1965c4a306850ae9799c582fe578c56ecf534274fb212015695fac939607f7cbaccb90df00f4fd8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9FUJG84S\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9FUJG84S\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9FUJG84S\css2[1].css

Filesize
609B

MD5
c9416551b401e8ddc4cd642b1348d60c

SHA1
75d238de4bcef07ec6afd81fa38a91a3a55adc2a

SHA256
cb7b5b067f94b97f8e98d0c0d0e2ef2add7725527ad7ea726ff7d6702f1eff9a

SHA512
b7b3054284b982026adc743f27da8d89050546049471cba9e380086a56dc01749041e237b932e187b566445bdc380ef3938c4f7932e33a6005344f7ccb14d5c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9FUJG84S\m=MpJwZc,UUJqVe,sy7,s39S4,syo,pw70Gc[1].js

Filesize
6KB

MD5
4d3717cd54422f70cd4158b4c41c863e

SHA1
c2ac3db74c3b05fb0d4712843034715ae50f474b

SHA256
2dc80cb7643e9f0b559c00c6bd542bf400268aa39ac6cc67ce64440359ff97a2

SHA512
e3dc5a0015f6f871775a0c14aaaca143630f166c3eef55ae2a522b0275d52913ff25d841986f5aff54cf4553c62f6cbd3e270c1f4e6147510a0f00f356ff0545

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DES1E8D5\FOUGKLE5.js

Filesize
260KB

MD5
e50541c540d008740255d474f8dd4cd6

SHA1
c5d8c0a9c82178fbfdaad0c6054237843711046e

SHA256
3819295ac380707e99189875f92f85824f65d2545ab23721ff8f23a1189cc27e

SHA512
d6f88b50e2eb0e1947112e814e0ea2e6ce0903510ea1afb42ef80240b6a4d9b44d234b82e04795aab84624c2b4f2058bb60cff75360d3988e0441c3a74ed45f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DES1E8D5\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DES1E8D5\lazy.min[1].js

Filesize
117KB

MD5
34c50e202d526894778ec0b5f19109fc

SHA1
1dc0b8ec47bd933d0a6844f7001e2aac2f8b1af4

SHA256
5421cdc5a74b2355bd6cdc57f2a201bb91fd882a90c9354be6eebb4c9807f6d6

SHA512
294f4b7734a84e64a741623831cc91a141430fec44548818550c5d9100b48ffb5d5425e1bff65fa8b610a6070500d9e097adaec86acdf7929da598193880e84c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DES1E8D5\m=bm51tf[2].js

Filesize
1KB

MD5
1c3cc58d1238dbf021aa956365718fda

SHA1
4987b3754cb52820805b47118906fff2daae9a07

SHA256
9336d140abddeb7ac56d286e3f3ec08705e32d32cfd7954c30692d0de804ca3a

SHA512
d0fa1ea3519b25f9a496dbc815a9ba16ef0e145372d2e820596c57155bd8038dc8cc2db0897a29867c8e4067781991865e5146622f889ffe731e0a830c13f1eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DES1E8D5\m=v,wb[1].js

Filesize
1.8MB

MD5
08955c3e569ef60490363bafdf1d7adb

SHA1
b885bfda2ea71c83d5dcf7616f40a851600f15f1

SHA256
17eb5c7dba30a7c58d7162c3caae00aeb4c18a68f8155fcb981f773d1c311671

SHA512
a30bfc8fb9e86e7020aa4e37047e18db1761e6bc3f33f547bd87013838ff409aef2e86c022ad1222f0a7766b60ba3b4ddf8171abde6748f8bb3eba4519039034

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJS3NZH0\cb=gapi[1].js

Filesize
122KB

MD5
7d41ce8af12a1020f76d0d4620a30b79

SHA1
913cdcd6daf53cecb2639d9a451c4f1f88071d9e

SHA256
2b4ae5731b6361fef2a0b2ea0d005ca674d5cfa837628dc8acf4140b2c8b3843

SHA512
f42cd6041d26407cb75ab57788a71aab626d3a94c50a2a4a04dcb6c89fb728695c44054c0dd79e3c2824bfa9188d6ca8e7a3cb71e6eef7f645f93839147ae0f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJS3NZH0\m=RqjULd[2].js

Filesize
18KB

MD5
e95653e4fbc897499096fb0d822740e7

SHA1
851b7c1a447e1c0b20fb151744118c20109a1a5e

SHA256
6e907a0bdaa5a79461b71a7196261826f886dc179c39937f47da69b78479d396

SHA512
831095b46f1de2f05f7efc904fb7406a973b2094c24a3060481d0f00c97a3ede2b69d8b6ee9c05c49aec1e0de2b9ce5f73f31e5028abfb6b34c525c90b9a25bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJS3NZH0\m=Wt6vjf,hhhU8,FCpbqb,WhJNk[1].js

Filesize
3KB

MD5
8177ed7559a049dc4833c130b10ce15e

SHA1
838c68c303c0282e5d9ea6fc0a21f44fc52a5446

SHA256
b662417f6cecb860d564b75c40c2026a9cba40c096109d56db480df3e6d5518e

SHA512
6fb7cc73438cd5b43720245a5763f84065295e599b6c9f9bcb8ce0a8045cf388e67cd3cfcb8f6243e4479965178bb84f39c1c30b9c80712f1288478a554b5cda

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJS3NZH0\rs=AA2YrTtu68wU8rQSEu1zLoTY_BOBQXibAg[1].css

Filesize
3KB

MD5
48f5c818894433670d96c3583ee2aa3b

SHA1
49be98e9c4dadcfcdbec38084c07c81ecef7469a

SHA256
0044ba73ab1aca417121434dc303867366beead312f0bbe2a1a18d9c397e12b2

SHA512
18d2d44dbfd07292d4b0eb6a08dc4ab22e6b8efdc4dd17dc30c683c0913eac27e0db7afacdf50e545522fb2ad1468f06af96f3ce8ad09872711032adac038b37

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJS3NZH0\rs=AA2YrTtz52bnQKD0_FuEioBge0VOKV8DNw[1].js

Filesize
227KB

MD5
780c670aa2efdc14e9e98bc130d4f7b6

SHA1
672d29a5d24e110713e075eb465a178005e361bb

SHA256
f1b89f7c47403558459fe7a8e1123cacd63863691c90654981a3ce27a6219c54

SHA512
29131bd3b780e0cd9b1aad7738c496823a154d31f4c7b1ad5bf468f203bf98c4382a0f37c1dc9e8ee3ef764d0568f173a06748ba90176657769b079c2d8cc4ef

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJS3NZH0\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\XU0BOD7E\www.bing[1].xml

Filesize
1KB

MD5
29dd2913c4c7b50be89b8df2445e9b45

SHA1
97972f3e02c5f91fccf3ea747593aa91d949a48f

SHA256
be7f2bed5599fd3e6b723247fb39bb32cf1da4385d422f0f05a6f650cb9b8be2

SHA512
f14225e2002f352eb077bb5aa7e26c51b0de727af9f60884582942787dca2dc49d42b774ece1c0145683edf1037a242410c43f3f5acba4dbc20ae6073d0ec53a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z4LDA95A\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFFDEBF9B2C9C398A9.TMP

Filesize
16KB

MD5
3479900ff14086b6c630042e2c6e2913

SHA1
d4ad17906a50cc17abed26f7eb1311d4fd3a0c6a

SHA256
5e6ca9626b579d67377e7c06985c4ba2b02f13de4c848c645e5ac4002038830f

SHA512
b35e814079c9290da83b2eaf8ab1cdb129a0430315c63cdc4cbeed80a0de529b9f599d1b79ae0a263d65a51fd5732e637930da8b7d2e7f8381fc2ceed9a35517

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
33258b5be8e831de2ff862a40b4e83f3

SHA1
80d5e25ff735f0015e605292cac742f1a42da82f

SHA256
541efcd4d7f9a631e03aa31d96deecf49f0299db281970dfea56fb049e32e430

SHA512
07386e61a363b6cead1edcfcf0dc8ba9044358324cc4f2fabe37cbc089d47af458dc63a96ce5a0260de91bec0d145708ce14c060c371d008ba22017220fc23d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\363c3505-4fee-4935-a482-d3d90505b524

Filesize
10KB

MD5
fa99d759798da445f288713593a324e0

SHA1
dd1cae87c133f6ea0dc85e6d427a209d43fee8a6

SHA256
19646992132d9fcf24b6eaed34a13166b468b15ad51054b7688511c84fd4d078

SHA512
5cec80989e28842664425f7f8d5465c197a153eff46c22e4e791a424e17e1195e29c4978296f91327a818f0e2f7698acc4c25196a708c174b131f894936fcf89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\cafabdc5-7940-4f70-b306-04e467db3cd4

Filesize
746B

MD5
ce4eb9909b39dadc5c7870205ed8def7

SHA1
70ff89515515a7b62b499e51004e33709dca937b

SHA256
fc8619c4410b4769713a739d167705a9a4e859d8e77e3a11605e99518225f22f

SHA512
fd5d642308ad96eae3549b3364bf318f797c1e7b1b80b6c11c82c7c18d41e3f4112c5dd2ac964f6dfadbc6484f6d9aea1260a00eb0a0090b17b9f559bbfb0c95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
1375e29ff9b8c5381372b8f3b91bbbe2

SHA1
b77d1e34a1c03e205eac26563fd78b669ef428ea

SHA256
5656fb61f561df768d14cf181fadc6427d3ae8375ca4b8b3624ee113da8f471f

SHA512
5cab742454bfbb4dc229e08bcf9f995b6a912acd4222cefbf4cd23ff9f6bcddbd53b69e6a31374340a6c8995f24b41e5bc679dbc673efca8c536f35f674fa6bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
62148e1248170829e09084dbedc139d2

SHA1
65c6e1f2d8e1bce5bdd0e17be23b0b08f53077d9

SHA256
fb9233e697d8f89c159d91e3facb3736cf590d4365a9f1f939d65f54acb44e8a

SHA512
a4e0a17f3c7a0ec9bf2b6888ad3fdfb84a83019321f5e03f9fe3212ab6db8e5d2c3099056e3daa75a1440a114ccd6a64a3bf48dc99316bb0cfea5b10365115c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
c4b9593288515e62ca608731ebfea45b

SHA1
f2300538ddccb95ac547ce88bf37ba0d0bfccfc2

SHA256
489fcdf02836d0ed4c7bb2af14daedd4d655dc9d1cfa21273c051c2b2ae887a9

SHA512
3ec843556b70a213f6815653db1d261cd0ec1c51f997046bb86bd774d4897d4f1a779ee5fa1335ff35f0c0d6ee40d2ddecce4b119ced18242f03533258505199

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
ad37656e37f559663d9d51921cd6719a

SHA1
a57824b5976deab2d669fe9bc3723fb0323bd8b1

SHA256
734daaf8f689570b06e740a6455375776f9b8b72e33f6a43d0f97ad1c0e770e7

SHA512
5e841b1df4e1692f1f151f3dd8fef2db9139470544aa4385d8fcc76e35492ed27c26d5e18e511b849a088771f91104b3927b920f084593c167d29e23f8a88a33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
3324690d0b24ae8843347000b4d47ee9

SHA1
1a24fc86f48b543578b80122eb6617c5b1548a1b

SHA256
25b6dff860d1e3074d3fef37056ed366d12838e74fd86688dd9e73ba7d9bb578

SHA512
fdbba3301d4c5bc9921d3a99beff7c3a66f8f520181510673e5c4a34e8a155221e5d02c517a8c55d7584de566f396b7cc5b7eb160b938b9d36e117088891a0b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
2e7824e23400a75afa525f0211c8581d

SHA1
fcd30f1eb180308f4b7e1c7c9ca34b4218c1ab2e

SHA256
a5358d16856a3877b50df2622eedb643b3ea1534980368483dcbdf65b79cde19

SHA512
5941796d15f8268454d2af35e612266bdc5b96277b888a594e390079cbb7c697c4d2d29e099e69ce57d6c1e0c1ff9e12bfbc57cd5a7c190a027c7ac75d48768e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
07a0a6d613467a3bf5b60cc500f3e6c5

SHA1
d6310466d6530eb2314d0ed4a3472c11d35a1b56

SHA256
99d52cb514bacffe9e34582bfe45015c4daf6bb57bba233784e4c22d708b41da

SHA512
38dd75f24eef690b6f43d273453663a4bb58d7f93f7a66c75da58d70d951eec1b56ebfd458c6c3e023409ed17b9ce411c00b3896d637eed5be36b005ee894cae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
959b6df901c518aedd8546631c5f59c3

SHA1
15aa08d4ca04e76a708cdf6d503977df35277f8e

SHA256
910e80a693ac46b84e701cde7f4b9dda6b2be946c1c2cba360f2ac5bd4bff13f

SHA512
04ad665664409f118ddf3921fa082d7ea66fd3478f19137d217bd49051fe1eb6bbde0c8b7d877c4aeae6e421b1a124dd94ff0b62afe295e643a61b0d60226a93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
928efc578cde76b2b89cc438ddcd367d

SHA1
aba9c90bb90be78c7475c25eec15c0e548109498

SHA256
2e74071fc716ab82e8b7bf66a9e13896b93949bbf6354db13cdaf65896c1e882

SHA512
13b4b14e812384310ebb108dd7da45b4d9fd37cfd52c12907c9d7872351787860eab2e942394132ef553c96fd07aa4e8b4c9e7ff51ddf3dc0d98bca45bc1f9b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
1bae05887b7494e3e9a2ea75aa99956b

SHA1
a170e0b8c5b99908841184d7ec1aaf0b8b710206

SHA256
16101b5c2f94347e7119e20e37173f7e173773df4e1d782755b693763dcf81cd

SHA512
6ad555f1a9f5bd44b8217931dce1a25baa6659c70c7a9528d4a840b17f93d2db1afbd4f04137ad82d0c7c8059ee0e1d0f5fc29eadb0210ddf9be2a6c604f1c1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
ea27e3919848dcf3b79df050f89d5b5e

SHA1
d4082c0bfebd1c28f995569239ed0d892e9cf744

SHA256
2ae2eae01fbcc9bd78422a82501eb90beac78220bd3444bfdf89f93bf8b15071

SHA512
9c041ad7b87cff0bb14467d49066667f097ed80d8c022585d37a159851df500f8b9fc89c2f09c3bf69c32e195fd148269e125e34c752573a5dca2bc4ac9c4c09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
01dc1136cda163e238bb629a47873ea2

SHA1
bb1ca19706ec2decaaf6d123cd5cfc04389d9fbd

SHA256
50dbbda0a1c574017f66fa2c1a3e3ac59176f8388da6fbfff7c7a0d2fd8a5f32

SHA512
bddcd65a11f1019bd09fc1c1f83ed5c4afd62f60cda8eebe360fd28827e9df03d795c3cb36526b38a6a6ce5bbb2ac9a93d2a38ac7cd6068ce240fa88d5baa10a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
b4e5977e57a92a063c8c6bffb922456e

SHA1
3ae5fdcdc6ffb10d24be81c74cf35aca630dcbd2

SHA256
6b8674d0cc6be01e18926937a1cb151a9a993adba9e67f761c3b3b8d258ddeb9

SHA512
d2199708795e600fcf94fb35fd3a0240b6291fd81ebe0430352fa70a1466424ece8ee5916146bd3c584bcd250b644f3c2ad4f5a33c8738e6a8388d60b266d2be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3018d1aad8385b734068dbad441e344e

SHA1
2a3925bc92ec843db64b6db2cd6fe18ccf084a86

SHA256
f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88

SHA512
7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

Download Submit
C:\Users\Admin\Downloads\Vanced Manager_2.6.2 (Crimson).apk

Filesize
4.3MB

MD5
02a2ff9e69d85de4dad105213f620382

SHA1
690396a68222724daff6622715643cfa48ce5940

SHA256
c2da3df534ece06c4e87d60ae4690f4c58a9b6d3d05a45898181123201c1d8d9

SHA512
041c83686150960f2a5373f6a84a58d0361e0374b6947cd5c0071ca5fbc11569aefaf614831085a1412146431eab96ef76893792aede0c4f820a7c170e28ea23

Download Submit
C:\Users\Admin\Downloads\Vanced Manager_2.gcvj73eV.6.2 (Crimson).apk.part

Filesize
4KB

MD5
fe893e7027d98463e12a4d7c659fabb2

SHA1
8e2177f0546f1b925cd7c3981b3427fa853f7e30

SHA256
5a160490283e40883bbf0698bedd362ba9a09a39e536067b159237bb01dc3cc2

SHA512
8115e5dc478d2ae2e07eebdbdbc35b57b925d39a64763d25e473c8f68f9350a82bcd3c2c1096234b98f6bbb582bb3b86bd608edb532c8df2fb84240713b9d8ad

Download Submit
memory/360-43-0x000002CF82F00000-0x000002CF83000000-memory.dmp

Filesize
1024KB

Download
memory/832-335-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-318-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-331-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-333-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-329-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-328-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-326-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-319-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-334-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-325-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-324-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-336-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-337-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-330-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-327-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-332-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-315-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-314-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-323-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-321-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-134-0x000002C254EC0000-0x000002C254EE0000-memory.dmp

Filesize
128KB

Download
memory/832-96-0x000002C24B940000-0x000002C24B960000-memory.dmp

Filesize
128KB

Download
memory/832-89-0x000002C2494C0000-0x000002C2494C2000-memory.dmp

Filesize
8KB

Download
memory/832-322-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-320-0x000002C2380F0000-0x000002C238100000-memory.dmp

Filesize
64KB

Download
memory/832-85-0x000002C249280000-0x000002C249282000-memory.dmp

Filesize
8KB

Download
memory/832-87-0x000002C2492A0000-0x000002C2492A2000-memory.dmp

Filesize
8KB

Download
memory/832-83-0x000002C248E60000-0x000002C248E80000-memory.dmp

Filesize
128KB

Download
memory/3196-0-0x000001A91AE20000-0x000001A91AE30000-memory.dmp

Filesize
64KB

Download
memory/3196-35-0x000001A9183E0000-0x000001A9183E2000-memory.dmp

Filesize
8KB

Download
memory/3196-16-0x000001A91AF20000-0x000001A91AF30000-memory.dmp

Filesize
64KB

Download