hxxps://drive[.]google[.]com/file/d/17WC8kdyMaeBUc5vP3ol1zKMGHXepwRuW/view?usp=sharing

Analysis

max time kernel
478s
max time network
480s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-11-2024 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/17WC8kdyMaeBUc5vP3ol1zKMGHXepwRuW/view?usp=sharing

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 9 IoCs

pid	Process
3788	7z2408-x64 (1).exe
4940	7zG.exe
5384	7zG.exe
5656	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
5932	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
1240	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
4932	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
2388	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
5828	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp

Loads dropped DLL 3 IoCs

pid	Process
3684	Process not Found
4940	7zG.exe
5384	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\_uninstaller\Fabfilter Total Bundle	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-1PAF0.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\_uninstaller\Fabfilter Total Bundle\is-EIHC7.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\_uninstaller\Fabfilter Total Bundle\is-G0EDI.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files (x86)\Common Files\VST3\FabFilter	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\_uninstaller\Fabfilter Total Bundle\is-C6I0K.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\_uninstaller\Fabfilter Total Bundle\unins000.dat	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-KEOBJ.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\VST3\FabFilter\is-EVG65.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-R21T5.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\VST3\FabFilter\is-MTP0O.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-21JTP.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\VST3\FabFilter\is-0F407.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-C7C99.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\97dabff5-7ad4-4004-85ee-7eeba306780b.tmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-M2GEK.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-6RF2J.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\_uninstaller\Fabfilter Total Bundle\is-CTAPT.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-H4N65.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-HC2QF.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-SJHTB.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-6V7VB.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\VST3\FabFilter\is-ANO07.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-D88EE.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\_uninstaller\Fabfilter Total Bundle\unins000.dat	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64 (1).exe
File created	C:\Program Files\_uninstaller\Fabfilter Total Bundle\is-OFBLR.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-UEVGQ.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files (x86)\Common Files\VST3\FabFilter	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-TH2FL.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2408-x64 (1).exe
File created	C:\Program Files (x86)\Common Files\VST3\FabFilter\is-KOJNL.tmp	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64 (1).exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 466898.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 215132.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
4852	msedge.exe
4852	msedge.exe
252	msedge.exe
252	msedge.exe
1868	identity_helper.exe
1868	identity_helper.exe
648	msedge.exe
648	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeRestorePrivilege	4940	7zG.exe
Token: 35	4940	7zG.exe
Token: SeSecurityPrivilege	4940	7zG.exe
Token: SeSecurityPrivilege	4940	7zG.exe
Token: SeRestorePrivilege	5384	7zG.exe
Token: 35	5384	7zG.exe
Token: SeSecurityPrivilege	5384	7zG.exe
Token: SeSecurityPrivilege	5384	7zG.exe
Token: SeDebugPrivilege	5692	firefox.exe
Token: SeDebugPrivilege	5692	firefox.exe
Token: SeDebugPrivilege	5692	firefox.exe
Token: SeDebugPrivilege	5692	firefox.exe
Token: SeDebugPrivilege	5692	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4940	7zG.exe
5384	7zG.exe
5932	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
4932	FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3788	7z2408-x64 (1).exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 420	4852	msedge.exe	81
PID 4852 wrote to memory of 420	4852	msedge.exe	81
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2688	4852	msedge.exe	82
PID 4852 wrote to memory of 2580	4852	msedge.exe	83
PID 4852 wrote to memory of 2580	4852	msedge.exe	83
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84
PID 4852 wrote to memory of 2416	4852	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/17WC8kdyMaeBUc5vP3ol1zKMGHXepwRuW/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x108,0x130,0x7ffc319846f8,0x7ffc31984708,0x7ffc31984718
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6820 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3372
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x11c,0x254,0x7ff7408f5460,0x7ff7408f5470,0x7ff7408f5480
    3⤵
    PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,18214798242505862546,1003319732721136108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:5396
- C:\Users\Admin\Downloads\7z2408-x64 (1).exe
  "C:\Users\Admin\Downloads\7z2408-x64 (1).exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5620

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap22308:138:7zEvent24452
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4940

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap31891:138:7zEvent25463
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5384

C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
"C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5656
- C:\Users\Admin\AppData\Local\Temp\is-JG1E2.tmp\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-JG1E2.tmp\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp" /SL5="$40208,33648760,743936,C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:5932

C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
"C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1240
- C:\Users\Admin\AppData\Local\Temp\is-77HDM.tmp\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-77HDM.tmp\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp" /SL5="$302DE,33648760,743936,C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:4932

C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe
"C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2388
- C:\Users\Admin\AppData\Local\Temp\is-29CLH.tmp\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-29CLH.tmp\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp" /SL5="$402D6,33648760,743936,C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5372
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {618bf633-1f82-4a24-b14a-29b7d734ae4e} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" gpu
    3⤵
    PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c315cd7-93dd-4a47-ad94-d29664ef867a} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" socket
    3⤵
    PID:3592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 2792 -prefMapHandle 3008 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f8ffdf4-d1c1-4baf-8cea-f1d5ffe6596e} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:2640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4344 -childID 2 -isForBrowser -prefsHandle 4308 -prefMapHandle 4260 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46488d16-74ff-4e5b-a7d7-4aeaf92b8e83} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4812 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e20446b4-9cdf-46c6-b12b-da96443eafc1} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" utility
    3⤵
    - Checks processor information in registry
    PID:4260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5072 -childID 3 -isForBrowser -prefsHandle 4820 -prefMapHandle 4804 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7cc12bf-2d9d-49eb-ab73-d5780fe3de8c} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 4 -isForBrowser -prefsHandle 5264 -prefMapHandle 5272 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e23f6dc-f76b-4094-bb00-5d15559bb2ec} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1d515f2-5105-42b9-b2c1-c7355369d5a2} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3484 -childID 6 -isForBrowser -prefsHandle 5796 -prefMapHandle 6020 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c146cb25-3549-4aea-87a7-be45c6aa2f0c} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6116 -childID 7 -isForBrowser -prefsHandle 6108 -prefMapHandle 6104 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7f64198-4fca-4d1b-845d-43f39ef95101} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6400 -childID 8 -isForBrowser -prefsHandle 6464 -prefMapHandle 6460 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6b409b1-9bf4-41b7-8de3-03139157fc63} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6820 -childID 9 -isForBrowser -prefsHandle 6764 -prefMapHandle 6760 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b0abea-d965-46d5-b106-f578c5a873d0} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7064 -parentBuildID 20240401114208 -prefsHandle 6764 -prefMapHandle 7048 -prefsLen 30533 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42811334-4826-4e48-85dc-ca25e8192685} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" rdd
    3⤵
    PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7200 -childID 10 -isForBrowser -prefsHandle 7188 -prefMapHandle 7192 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d479774-1455-48c2-9460-4dfa33cdb8be} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6940 -childID 11 -isForBrowser -prefsHandle 7408 -prefMapHandle 7348 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e75b84-6154-46b3-8719-3d4fb4042481} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7568 -childID 12 -isForBrowser -prefsHandle 7500 -prefMapHandle 7576 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77bd1d68-b6f0-4d49-a15d-737f0fc5476d} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7388 -childID 13 -isForBrowser -prefsHandle 7392 -prefMapHandle 7952 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cf11498-3e67-4694-858e-75482f507a2f} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6444 -childID 14 -isForBrowser -prefsHandle 8036 -prefMapHandle 8040 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4470d77-529d-4cf9-8e10-bbd68c27f29c} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6552 -childID 15 -isForBrowser -prefsHandle 6588 -prefMapHandle 3204 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1472cfe-b59c-4496-9aec-474fe68a195f} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:4708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8300 -childID 16 -isForBrowser -prefsHandle 8304 -prefMapHandle 8308 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95534a2c-eee4-4dba-9550-f545f4b25d27} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8504 -childID 17 -isForBrowser -prefsHandle 8512 -prefMapHandle 8520 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efc5d370-f60e-46c6-a1aa-cb1159ad3032} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8780 -childID 18 -isForBrowser -prefsHandle 8700 -prefMapHandle 8704 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef05d8d4-444b-41ac-91b0-72a84a663962} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8984 -childID 19 -isForBrowser -prefsHandle 8904 -prefMapHandle 8912 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f84681b1-eafc-4dd6-be76-46b3d72107d3} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9008 -childID 20 -isForBrowser -prefsHandle 9100 -prefMapHandle 9104 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b138f309-08ab-42ad-9800-9333fef9c5b9} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9244 -childID 21 -isForBrowser -prefsHandle 6564 -prefMapHandle 9268 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac158b06-c861-4cc4-b0e1-aebc1b66f573} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9480 -childID 22 -isForBrowser -prefsHandle 9208 -prefMapHandle 7580 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {becfa080-80d0-4f8e-8ddb-bf2091cf2cf6} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9684 -childID 23 -isForBrowser -prefsHandle 9664 -prefMapHandle 9668 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79365237-7180-4537-b50b-a609fa957d43} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7556 -childID 24 -isForBrowser -prefsHandle 7408 -prefMapHandle 7224 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81f62108-50d3-4e4f-8040-d393f160fa04} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8304 -childID 25 -isForBrowser -prefsHandle 8528 -prefMapHandle 8516 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e6a4869-5f0d-417c-9957-0fcaf1109683} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:2752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10348 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 10332 -prefMapHandle 8964 -prefsLen 30583 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2fe3cf2-e7d7-4835-8d4b-6034ae1d3bef} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" utility
    3⤵
    - Checks processor information in registry
    PID:6888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10488 -childID 26 -isForBrowser -prefsHandle 10504 -prefMapHandle 10500 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce85f994-68cc-4992-862f-b5c8598d7715} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:6892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1548 -childID 27 -isForBrowser -prefsHandle 7260 -prefMapHandle 3540 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {939f1f82-4556-46cf-8ccc-5b6926a74175} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -childID 28 -isForBrowser -prefsHandle 5468 -prefMapHandle 2912 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ada7b4b-9928-4bc1-8b64-9eda2ffddd60} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10668 -childID 29 -isForBrowser -prefsHandle 10328 -prefMapHandle 10316 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {905e7ba3-d34d-49bb-8a1b-12a69e09124c} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -childID 30 -isForBrowser -prefsHandle 6196 -prefMapHandle 6208 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be2f9a37-1e7c-48c8-aa13-3d0a21d44de4} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7240 -childID 31 -isForBrowser -prefsHandle 1184 -prefMapHandle 5296 -prefsLen 28292 -prefMapSize 244658 -jsInitHandle 1092 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3aab096-a743-4b7b-847b-cff26f9ff58a} 5692 "\\.\pipe\gecko-crash-server-pipe.5692" tab
    3⤵
    PID:5600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Micro.vst3

Filesize
1.6MB

MD5
3870b6f51a762d4a46c82948c2773922

SHA1
76f06282741052cedf8ddc7cada87cb23a38135f

SHA256
ef443fefd55790d5ff8f98624a64e69eca810ef3ecdf6e074e2951574b51f725

SHA512
cb54d4e82d605a1f0a95bb1dac0f429588d796bd9079b051c5f580be2d849a1d362b05b953f236c6a475e15c49ff52cfbfc46379d269a66ad92f4c181968c627

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter One.vst3

Filesize
1.7MB

MD5
f760a0eeaff0c2b38c2db12af2f291e5

SHA1
6eb77e480274d9a18d2378220daa86fa718d70cd

SHA256
126d2c84812b423e0411fb1abc52f8515dba78a959f01273a456bf5e3bbce6d9

SHA512
88cd96e888c44044f975c44397f01452ad417d728d465b0790d804a12bc6f426e90de8273cb3b6a01d0645db1569e618df14f69fbecb7ea0f95609de3d370cd5

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Pro-C 2.vst3

Filesize
2.4MB

MD5
4726a6a665b6b29f19436f09e923e5bd

SHA1
d9eff7756593c8b38525815acb7a54bc3fdf7d29

SHA256
434e061a5318571defb7e63e6873da128e12877ce6e39a325fc94bcc5bbc4fc1

SHA512
795093bd403b46fe69bf4a3acc77d90788d757d2d8fe4eb69590c3fee188b6edad451ec0a0ad316dd1be511f7a74eb5dd6af4f223dc391c632c9b53e8f5f9911

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Pro-DS.vst3

Filesize
2.2MB

MD5
4b67627af275769e6435d5cbac136658

SHA1
a188e0710f9426e20ef4208f1fb21d4595cf474e

SHA256
be1c2f6c9d10c799d518e68152fad501573284ac2853df3ae08e484bcee04084

SHA512
bcd6ad7adb92c2a01ff86afc78a4ad0ab5cd8659efd7a9f1a4ef5f04760923e47c9b3efeb1cd309086e642cf5f45cc62d2e1467484937e063b2f249a25315c97

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Pro-G.vst3

Filesize
2.5MB

MD5
f8560376a9dbcf3c7839766388600480

SHA1
e0c67ac748c0757930807575485d479945b1c9a5

SHA256
0eccb6403df711c7c0c0148b17c5c56dae3a914d98d4a64a44ec8a91382d9fa2

SHA512
29c04f829043e08d7883210c3f51a13b0938b975f1e16decf8bbd7634075e7160f5f436420b40dbd3e633bec6ea586b44c1aa06ad2dec4a5bbd99439ee932de3

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Pro-L 2.vst3

Filesize
2.5MB

MD5
65459ec4cab14bd513848ec3271ad9d9

SHA1
dbadc4bcbb3f5b5b84146714b9594b8d613d7fa0

SHA256
ea349b7e4987d23141081eb798074a238678b4fb67e522df22df96ccde78dd27

SHA512
6d54843bb7b7b4eae932507ba7c365b31e90955e21767cce3491b2358a2e2235456d55aadbc2f29d424bdf633f189559347f6dcaf06b68b0198140357725e7ac

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Pro-MB.vst3

Filesize
2.3MB

MD5
1b943cf10e806d454bfaa8da50036888

SHA1
5adaa6589b35f2d4b39355866b992f6db05f9cba

SHA256
4f0a2a69291c1c3d0805a5e542cf08ef8e7cba0d44a93077a9cf5ed70522a45f

SHA512
3edffb51e14fb01ac8d3ee3f5ba1c1286fb9b1064c60ac4f96dd0759d959f353713da00a230a3db8372baf764e61d7007a4c873a10ada73c40a14278382b891e

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Pro-Q 3.vst3

Filesize
2.6MB

MD5
af3bdf4845c39fc9d2d08b88f979cd3b

SHA1
8cc6e0529e313c350b3869e597214c585608a550

SHA256
112dcb8925fec3ac0ade86e1518d686d2d6586e72a1ccd5773b1b319cbb50f8a

SHA512
5d367c61505d18f4303e8a0361efa00e4db7511830732f4ee8031e34abb812052eddf656531eb7d405321168a50f47a5924e3e88a83eff85a441e2e14c04ab90

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Pro-R 2.vst3

Filesize
3.3MB

MD5
6b087b8257f0922ccc1bc93d918aaf0b

SHA1
69444b9e396cc007aaf1c1974c6b82628101d338

SHA256
b870f3d476c51cb93c85e6ea3b372f29052052900961d5357c86bc3800782aac

SHA512
a4f68c4e914f991c956b027ae65dadffafb591578c2319b6fbc581ed363258564e6f04c4c7d51950262f51751e4a828631fc961cb8f321f06c085b9b524c20fb

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Saturn 2.vst3

Filesize
3.1MB

MD5
a7a97e018de904a2b6cc1bfa07928183

SHA1
ee821f54d88dcca0ace35f36702c2c4c2679e606

SHA256
c43829c4f3f34e8559d72fe1e341185854761d2053d9959426b5dfb9f42a3b01

SHA512
8cd44b3c30178b24ed7d454c943981c9e5508d32357ff4b8fe6857cbbc6ce03291abc4b56565300d75a244a270ba5baba824ada96474c2a53d9884d0be9f8515

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Simplon.vst3

Filesize
1.7MB

MD5
2ee913c675b448e0fac5cc0fd6726ce2

SHA1
1e235dcdeb1b0064bf37a96973794db2c08109aa

SHA256
c7926bd2279b8c5b75f3965d656760208564d6eea6709c74848b0cda9f56bc89

SHA512
6d3d353a7f21604d1c099c2e5b838711c5b861a74269c53d4e0782797554995b8ddcd0f5fe1972d6c470350ab1536125e00603217a3b4c8f4f53a7df53df809f

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Timeless 3.vst3

Filesize
3.4MB

MD5
fd8569be84ad47126cd0b4d855228d93

SHA1
9a728120057d3c6436cc3c76aa24e8ff4a7e44cc

SHA256
470ec578b81ca98311e2827a3b622f7e0a1d71ccfbdc4f677d97906e672eab82

SHA512
8c4d48dfec5f1252529c65d54b685b40a9ee68bef8d166360f7fd033c1d92c4aeacadcee6f490e5317731f7199bf771ab60db597887767bed07a85a01ee8ab02

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Twin 3.vst3

Filesize
4.2MB

MD5
df35133dce03314499d7ce1d7245b184

SHA1
f4b3508a91676d8cf62dbb109d672832ce7f8c83

SHA256
0252714ed48008e20d41824ccf2d9ded70d2489620639bb9a9a66628799328be

SHA512
fa5c3fd273b629312b8cf22d61e9db7ed4d874aa8ad11dbbf50c2bab33633ede80a20498cdc047f61130ce97a58304ec10f7a1b2d49893e3048cb8cb5bf67e63

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\FabFilter Volcano 3.vst3

Filesize
3.2MB

MD5
3afb1a48443092820617b25d10869287

SHA1
7b6c60710e96a81cba5dad8e92facd9e80fa7366

SHA256
e8bfc78663909b28dfbb0dc380c6980c9e20c1e45de1f11b94e82997fb3137fd

SHA512
f23fa39d091e36bc5dc66bf4d08e1cd3da2b8af019f89803c9b92a1002b748c5562da8c5a4919d51e2f3eedc517658d65ce555725aa42f2a9dc8d529148de4a4

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\PlugIn.ico

Filesize
22KB

MD5
e3d495b5f293e8e2f424999d79d8c244

SHA1
b1a997ccabb2f4ad77299a245e866c2982af9c87

SHA256
620b2446c613da1f6d3bd76920d3b4a27fae68ef37179258b0a73e35043fe2b2

SHA512
81dc883c22afa44843b589bfcf5515cbfe0b4fe3c5f1b2185673b84126644003b408906d319c678101774a17784388aedd952dbcaafcfdc5ed109fd6df84faf3

Download Submit
C:\Program Files (x86)\Common Files\VST3\FabFilter\desktop.ini

Filesize
48B

MD5
3fd9a457e4fb03c9dfc15b7c2ee46385

SHA1
7aecb0ff07a387eeda70b80efd260d9d71b52e0d

SHA256
0121b3869435f9c6ffcc154d6977b05b22695d83beb5ddd433d34226ecd5c7c5

SHA512
323228e47052ad7fd017ab19f0515456e31f0f022b079dbda45e735b8e1d601cc69476b84b6656d5645beba7aa919157c401346daada10b990824088fe3a9913

Download Submit
C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
692KB

MD5
4159ff3f09b72e504e25a5f3c7ed3a5b

SHA1
b79ab2c83803e1d6da1dcd902f41e45d6cd26346

SHA256
0163ec83208b4902a2846de998a915de1b9e72aba33d98d5c8a14a8fbf0f6101

SHA512
48f54f0ab96be620db392b4c459a49a0fa8fbe95b1c1b7df932de565cf5f77adfaae98ef1e5998f326172b5ae4ffa9896aeac0f7b98568fcde6f7b1480df4e2d

Download Submit
C:\Program Files\_uninstaller\Fabfilter Total Bundle\unins000.dat

Filesize
8KB

MD5
a2c884cecb5ee5e028fb6bed3990526b

SHA1
5e80ad187460687101f38d0c9e0f125e0729f3e6

SHA256
804f8872525f7dd21f4b659c254d80cc508714c934df728f5e191ef8a6fb3a08

SHA512
9313cea4be0a1c551a7b8637680d72a2af20907863fc34663adcc210cc31494e1ab8c3497a42bf264af8fa58bb9ac887f392f789c1d0c1f0b38e512956a0a0c0

Download Submit
C:\Program Files\_uninstaller\Fabfilter Total Bundle\unins000.exe

Filesize
2.9MB

MD5
2640318b6a35d9e30ca7a6d679960533

SHA1
b589864bbead0ad6648fe90dc70b32aa42f06978

SHA256
58a22dc56c89377142de3f22e899780930234e38a1c714a2bb3eec90b91f6f65

SHA512
c91e4f5a33677b4e75725fd661a5ea5ed209f0757669b02ce88348d24b87c867342586b57d5fe7b43bfe02c8b9b2e1443bc7529073049a93d0d5dbe19161e6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d9c9a841c4d3c390d06a3cc8d508ae6

SHA1
052145bf6c75ab8d907fc83b33ef0af2173a313f

SHA256
915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d

SHA512
8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e87625b4a77de67df5a963bf1f1b9f24

SHA1
727c79941debbd77b12d0a016164bae1dd3f127c

SHA256
07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e

SHA512
000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e62789c0552e6a8ee16fe9a61f672f38

SHA1
2c1b982fba8315c274a28ccaf8cf35d4fa7efdb4

SHA256
abadf4768cbf75c1374a8393003407ff20e4a5db49ccc4febc6746f83a4d585a

SHA512
472e323a8802a14b54d757ca2d001518f69a58d127145d8d275382b07d71e72439e0d3c29cbaea1a546cd3c607346acc01ba74e9b7a3620bb04bab9039c15953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
907934017bbb7da2e9261e0a6d9d8d1d

SHA1
c3dd199de84ffb40edad19d24171e2286cb63f8b

SHA256
3c9717dba7c4dc398b99c79f94bbb064c30db828cf1abcc3cf9f1ca50f36d1bd

SHA512
a096d92af15073588c9ceaef1c8c4c60e89368ce5714af10af66ec202de4bf9a531a6d68ab83a25f87b1e2b61f2ec2b68847e9742cbdde456ac352178aa8128a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ca5dee60d0bd5ab97dd7ff70b5765d2b

SHA1
60b033215fdcd85e89949a6ae091d392065e8357

SHA256
6ad7f746ba766ea62dd85af7e0e7880a196f19129022b9aa6abb0cab49de80f7

SHA512
91cc92ec799d1389acbffbc66a46e3c6378db0728a1269b29e71c17fcd6ea997547906f9f44b8804e881f6184b6f17c81d642858ee40d215ee3ba6b778946967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c68a4baed07ce40dd3feabb65aafcd67

SHA1
25357676ed7e225f5a750e2acb0add478d94760c

SHA256
b2952143d1ed10bb119cbbf1c3016e33c7c976eb1f8aa6dd00a18c19bdf83fd6

SHA512
c784ccd541ff48099c1d02a978c30691d38abbbb65fe23ad60ade855b220ac6bbc3d4989fdc0036673925fb02ecaedae158178dcf3030a1bfbc528f2e61f5447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d890663b58c9ae7dd931d342e83e5a3c

SHA1
8dc9d967d138ec8a63245b3884defb330f3df893

SHA256
069122d834255beca09de82ae288fbaad29d7c27a86e569f580a214b9b4a9ba6

SHA512
4edeb8747c8c64e4c4d3987e38f7e01a7af29a36cc606bf21e4c5ac8e1fe8319a631646ff2591435769ff99646e4fce4aa585c1f0ec6cd57f536701a027cd5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7d17b04648ed53ab6103b6d31ada39a

SHA1
d9e3d09b3bbff5dd00e2750209cac6c3c6677166

SHA256
fe6c868242834ddd5623a5180f7292028357e58b65d4b666d1a68cbd810cbe61

SHA512
3aedcce1407d081617391438fa4b65114558678c707d8db10c795ae0f99b357a9568c31f0fe001af626a7a30e069c9781ddbbd2d9f4e75920a2bc17d3790c082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
935c0fe46615eb53a22c555316673c10

SHA1
04a51c829ab557205f34de551f4cda39b75435cb

SHA256
7c76a6eba03840fea708402f0129e6082422d6777c6ac3e8da261f6056ae028b

SHA512
a46b0492e5598676e011da1072cb39359096e7f74e42b7b343e90d05f7e85c043800234a3c32a56271479f3b06c4b544ebc6e95facf52c31febaaf2d4592bd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21a6b49174259319e18643c253f2cf25

SHA1
7dc9bf8057d5c303bb20c4de28418c1515d6106d

SHA256
1f8ea3008415418698aab3aa3694e2b474a47c3619ad8e31a58c95ee4f1c773e

SHA512
80f08c8a7437b2fe8e60d802671233dd7eea842eba52941d92df802ad44cbbaec096f7161cec5fecb632d2f82fe0144abcdba1aa7a8ee0bdafe26ab6dcd4e9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
016003ddd291498221616e2994ca5937

SHA1
d79f96c0809f3e33c6ef6b7dae0c60f42083fc0c

SHA256
9620e3fad71b677ea78dbda0b9e44cbfbf8168653e4e8fcdb1a53f77566ae51e

SHA512
3b98f059299e220d829e70751742e07d0e93867f233f3a42d47178c1fb3d4989aeb14c212ccdd8d2a45c5df4e45c00abf86805f2979bd46d8b42519c49e0f34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
137094a3453899bc0bc86df52edd9186

SHA1
66bc2c2b45b63826bb233156bab8ce31c593ba99

SHA256
72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44

SHA512
f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
364592d2cc18adf665987584bf528cba

SHA1
d1225b2b8ee4038b0c42229833acc543deeab0f6

SHA256
bd97dd6797bb763681cfb1fc3cc21a44a273aab1d9a4f4f9332675c662d2136c

SHA512
0e852db825e451464cbcfda95eae2dfe780874bd20e7b467604962428007d1735ece752aa5901d468708a68d66d029271d5567b39c530d2d44b875abbff9aa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8315603636582a0615ca6b7649143bf

SHA1
8b756351223453c0a26fa21ceb5c9161105a5403

SHA256
79e6b70a3e80ea831d5231aed8604437a737b7fce533f7c4c1b737268279f3fe

SHA512
9822c4bf85fa4b281e844cbbe7492fceb8fe9ce10b83e95d7cc39a177dfc59be88c832edb94edc15cc27ed28cb00553ce2db61acc7b56b92cb00725f60250eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59af4cac33cf836dfebad92b988849b0

SHA1
d0037276622a22a1a994bbfcae2455e1234ecf01

SHA256
979927aba681559bd86303b8d451dd24dce930e255f9e0ab407fd94422da67d5

SHA512
527e0c36d3ac3b9322eb811f3076a574853471ea1153c388c16ad1718de192742b7566117a107b34baeaf92541a87dc2499d5bfa8d09d25b60bb28c128e9c4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
774d4111fc9ffd3a3020e883453f0007

SHA1
e14297c08df93c8f04e691d42a4c490d609d5f3a

SHA256
ddbb042e5a235b8899444683b5987006186f7d9e457157f482f53ac5ab3bb03f

SHA512
9692a9cd11e78a09cefbaadbdecd0b5ca38ae3d8c8b4170dc005638e8dbac41324bf988950ae8d67b85ce361b3c04c103348bbe29b38efa776fceb487bc5a905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5819fb.TMP

Filesize
1KB

MD5
935f0923961b17955ce42d5dc55d89e3

SHA1
7bcbff69a30f7bac0cc79aa5b0e19816b81b222b

SHA256
4675691782038bbd7dc84a2488f7e6296680fff35be795923c9f7977c8a27e1c

SHA512
583a38c90fdc28eb3cfbfdf22c9ed2fcfe01b7a75549391a6a5fff55c20087b2696aaf7b2801664c8b3db76305e6177f38d4ea6d8af41e2ced86e25111e533d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a8ce99181b99012e117a502caefb0d44

SHA1
321bdd0d3ba9d0d4216db50568d8e062cef2ac13

SHA256
7d770ccfebdae208342af39bf1c24f8f6b8582bc7666ff0446f81e34e1d9d9c3

SHA512
80a321952308c21f5aa0b0de78ba9fca2e0a63a8812a73b5a730e2a23a3198dfc4b3998956167b8e45937c89798848182a4042575fe2cb90b70456423fc3d5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd09d878985ee3fe718a93828c3de83e

SHA1
4bfa0186b3df47e4587ebf4fff99a93e77cb3967

SHA256
96021c44521dce72f29438bb8e98a6050aeb54c6bf3d46d98c758f1a6efa4489

SHA512
8ed95751d8914d0e9d13a9cd79b7898ac02edc6b1df00511af2ab135d46865f70490e957ae0a4432253504635329e131f01799017e53365204e3af85bf9422dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4b93281957403b28625b23ffcbefd121

SHA1
63f35aca5dfde162bf615ac3799e1ef016f4ccc0

SHA256
442a2dc19bbc413c35712ae1c018eb80d584096b06d230ecfbd6dd6279f2e3f1

SHA512
59ece52207ed9ce2a67ab5d9a4eae8c4dea0c588633ad29f4457eede11185658144cfbecf236190b1cdb2ce223c288c13775ba9c15747250ee8c8fb47d4db317

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
27058ceace58f26503cb2f1d8f35a8a2

SHA1
9e679fdbb52be3d0d0509a942108c172eedf2aee

SHA256
c5f3992f1ca352749b95e4f847693bdd216b913c6798447f66e64cd7b019d1f3

SHA512
210fe83dbd05e417f196cc2a002ea962aef55938d60a50ef632259531320961163978c07b41fc8394ed980854afd444844fff342905a5f94760825b6f770a79b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\3C844FA76C167FE368E575F4A97038FD3BF26C57

Filesize
104KB

MD5
a2e33c030f1e81ff50ccec8c1329e072

SHA1
51cc7be04ac40719b799d3d7a414f3a63000dd08

SHA256
d1c37f42bddc676797c7a04845aaeb91c924adb59287d26978ba75d17bf76331

SHA512
94b812a4133d0348977113fd31193daed52907302cb9e8d14589243d15461b965e5752ceb76b33dc015eb7f222a3fd09d36d935fb5aed794999f13de3d03aaa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\83A80AE80EFA4F372E9B745562D9DC597A810F17

Filesize
1.0MB

MD5
552e90092853e310412378cb9a1a868b

SHA1
45dafc719be6198f8eb5f1ea7a80a9932769590b

SHA256
63f2fd8224b99cb8cc6cffc7b0031ecb4f9002e174e9001f2b536eaceefccc68

SHA512
e9d9159611a3f2ebde166bcc6eca4153d71981700786c0311df343553fe8e8949fe5e78ad73ddfd7ee8ea7e552452ab90f3d7a22fc58e60f3c0ed42a0a417a60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\890C80FA0A471A1B5620C022DE780AB525830277

Filesize
534KB

MD5
44b09daaeffc6b1fa35541ac711b46f0

SHA1
bb1e71a0ca0c8d9f40ce9a8c91ffdf4c1c77a27c

SHA256
32e9ce2395eaccecb4c2bed365652f3ef3472e206c3e50a6882849a6d0af25db

SHA512
7eb60f7545adda90a38852c64a2442503ece892160a885c61bf4e6e45abfec012210022bcb6100a02316a1e0cc20ae9bc30d55c23797b6c8ab80628ecdb5525a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\BA461C72F2186FAFF563B4DA161A216C6F0DAF16

Filesize
44KB

MD5
f360f59c2ddd94ec4d8aa559c420bb1e

SHA1
0d4fa7e503b775be4a020b20f7c82b13085fd222

SHA256
d9bc5e729f376ae838a7282dc3221492f125a0ae42ce443d4f9f0a0ed8d7fd9e

SHA512
7da8467c96179a75aec09a0bb626774d9b6b3eec9cb00777d0ccf9ef1645a01b4b68732a505b8b23b2991b0269c1a6a52750c035c68ffb8d766a3c2b8fd5f6be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\FD5C83B0560A7BE10E1FC8E11B6AF6D05619F323

Filesize
255KB

MD5
d19b75c411d9b322f9fae8f02b01e59c

SHA1
e21de86f2d1ba7238a054cf28ed7a6529fdbf08d

SHA256
3230215ec7335ed63391773f2ae45f94bc10edc467a8e238c074721a2b3cc070

SHA512
ccad9f0332dfb98a39c9a841424e5b8650464e5f8e5b5f580d7314b71b696c8bb82cddafbea21a1e64415acbf3e9045ff8d32dbf856cfb91b25cfce8746f8f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JG1E2.tmp\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.tmp

Filesize
2.9MB

MD5
61f123752ed4b5f496a7d42f3fc48f3c

SHA1
e8a80463e5e990d8bcfae02fa15e087fe6a066a0

SHA256
30c57f0703379ffd35d5a463a9fbd59205431f405140dfe7e09109a9f6d89131

SHA512
844914a6d99f5df38591a7869bb7999d094dba527ce1c65a5fd23920bc5faf7794a44de0639bcdea8b02076029e7e83508ad32d6b2f4367ccfcd891f08ce9935

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2f6b22731bbd875048fd4fadb21583c9

SHA1
d663a38a3448647d2cc3050996bfacac8207a5b1

SHA256
30c8fc36a739904a944cab8556ee3934806bb3765c9e52b6a7b3919559d80b86

SHA512
c83cbb9fee1826354aab365551f9d9a4d54aadf744ca9fd44ff2cee6adf4f78c2bb149d1df1ef35befa0ca2c03957b633a08f977abea241a2827d7f2d1012424

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5aab8bab042b1a8c99f5237c6d5d88be

SHA1
c5b3b8770c0d0624c3d9c5b201bf0c3b426b09e4

SHA256
12ee6a4e561d56c7060107f8f522681862cedbfe99004ce18b69ec6e91dab503

SHA512
0f196eb939bd89726dc464bacd0b900865982c8688eea474eb2bc495861892c56c3fb39d80d6ad1a48f1b4ad6892ecc5f5b50aa613b4a77bd7b18130404a8164

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
71eae8e898d0c70c97925d4a4fd0a6ae

SHA1
731cc013c4ef68595a046a9f327dccec7f2d67f2

SHA256
e660e61ae77e499e59005dd53a1931f36f60a9847d83b3bc79014ea7aea2f5b4

SHA512
55b70cdb461ba4195d6e9fddc6f859ce6b11a6a95c3028ccf8200db8c9e73c8a28e71193a453da94b0747cc04d551f1015760d3fc767215f2902f1a3b8d7ca05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\AlternateServices.bin

Filesize
8KB

MD5
5d673f0ad0768d1b9e0561616f446344

SHA1
32583ff2eb46087e5bf8d9f7c14a5f094ef5f8aa

SHA256
b9d8216253d834af8d0cd47d5ed828ed04da4f870e8d2b344c294cb85cc46e9d

SHA512
6d3bc18db89eafb4883c2e8b3adf80ed38aec243e834ea8813bb10f04861128e4f5d4902bb344167ace9f788572300522ed15fc91afbfa4437b166cf20ce2113

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
75191313a58e24ca2d1abd92899028be

SHA1
0d51870925c84dffe0fbb7cb5517f8fc3f6197b3

SHA256
2ab2d8d7b61dcea3fdf9c6dd887b26b7a2ce916abeb5ac18b7aa2a9148c46acb

SHA512
3223b60a649661e96f12dafed6c06e3a3a69be898ac2310ab9f1eb861813430fedb962815271f684eaa3891fc71bf31c312e239381bdbc9a010ebed957606982

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
aa217c5fc01d94d1b721865b9ec391b1

SHA1
37781690d9e1310acc7444085d0f758e41e88588

SHA256
8590a8b2297969212a49c842cb749534b46ad9253e3f076260b245243d71f42e

SHA512
95ae4b6f9d9d2403295c796afa0f706e13b49f449cb715df6008629bc2d5d009dc68d7e9bf8ec6a7fbd42bf572d77ff76e48b266fce2661797f08440a6180ffe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b22ecd0bfbdaf6fbab0b2446608ba4fe

SHA1
41c878879c88dad4736fb415cc7424858f52ea3c

SHA256
60a7e2fa66ac64210d3676117089b0704c910f3187ed8ebd020eea5accedc960

SHA512
06f3fe469b5a03696af6d1184fc1fd6cb589a2ceaca375a0230b6903899207a9d20dec90c1a2dd27400f9f7c15ff8c6b530a6c90904f6762ebff4e2743f66dd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
65KB

MD5
8bd5a7c63b955e4fe584c8c5a110cb19

SHA1
c01774741907aba756cb6493f49647dc7e095eb1

SHA256
a06f10913b1785beac61661a0b1c4106b141d37b88d57314ba5841b45beb2976

SHA512
965b8c0921b245101ed21f5a7b361c48177118c8166ac3e5602db91e8c9a60b9e32766800ea07ec5080c7f616585717082f18efff1c87a2d48b8290701111e3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\3a927280-500a-418a-ae51-08a97eec2578

Filesize
671B

MD5
38622e1e51707a1d43b96bc87a92489a

SHA1
33cd8828a31a3b65f2120fabf1f250f068707f66

SHA256
4694e74017a7b7091ab45e75acff7c5e0a6397261c5af0fdfb73268a2c07375a

SHA512
e4b30ce54d130bdf47152e47f82562ae99e8de579567560a2efd7bbdaedac639d00bd86aaae66a9edc8ae5941d77eb3ca9c8608f7afb82320f10a81f3f608d69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\779e021a-84e8-4feb-82eb-1e0cff6d2d66

Filesize
25KB

MD5
c1487b5f430d677c47cf217b7d2e4c38

SHA1
069c081003a1e3c4c64288baca6226b83381e0e8

SHA256
2229acacc2b214dc85ed798b4810aa46ac0b19168461ac3623eb154905036e31

SHA512
7493d4f7914397449792984f18baee4fb7757d8d4a5374892c9d5e09aa8eba953853eb8c0eab86b0a013c65dd6a2dee6361613f1b53086a889c4025b39158b92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\a2ee9e60-89b0-4595-b791-deffa6fa9fdd

Filesize
982B

MD5
4af0502228a89fc8c6c3d746a12b66a6

SHA1
6a25939cc538236bc8d36438f8bde3784bfcc94b

SHA256
30b74fcb55454fe8432b8534ca30ecde04d4da37797efdeaebcd200bd50ce73f

SHA512
0dd5510bc70507522da7a23735b58daaece0860bba94be5ae55d55ea12b50cfa0c6d96d57f127422fdb99a8f86ff613892d7596b2fde91827bebdf796dc2fdd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

Filesize
10KB

MD5
c217055493d05d2234e6f35e8f98443c

SHA1
b4815b0319de7ba9af07ca2ff24c20ef762f53a4

SHA256
954e465b3803c5ee5b55a9b3e375956bd53835cf924e5fb59a6aef1b91869a17

SHA512
81767780754ef45dcec8c63957b1fbdb51342b93b2ddffeabb6c9b56d20c9aa116ef47e49ebc9fde8640ecbc30e8cea0a885b546d55df1bb8e53a423da173fc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

Filesize
11KB

MD5
f0348aef0bfd5cffe79e5522f737203c

SHA1
36943252d9aed9a1ec25341dcf493d010a37de29

SHA256
e3e21b5ec6fd2fcd1c94ba93b0c898639386ffe1acea7459718cdac638cb5b0e

SHA512
7798d58513176436a8ba28c6aca232cd4466521e3bd46f43e9437d8cef342e41976168108c9b7e8c5dded3f7a3476d76e8917025e99540f88b870abe5df77f1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js

Filesize
10KB

MD5
fbeb2c5a5c3cb9335cc377b8869d5e77

SHA1
c30932f7db2960a29436fc54229811de9cbebfe0

SHA256
ee20c7c99152a7bb1b3aba9cc6508f5cf2913943438820de5a8facff10092519

SHA512
d897752ad8ad80e62e3a4fce9c06b56b87c5c9289afc6e025bb896fafb17f1b1d6a7f9d9de8227730aa7d1ca9eabbb852cd8fdb6b85df164baa6e72ce19336cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
6556274535567242e815485090735663

SHA1
cf364fe60c4f10cd9bc816b7219cd6db1eaef951

SHA256
cd354f34fc4d7266d8fab94fc30acce8d0f7e1cddbb849d8c1d18ff977658afb

SHA512
f2a02e1e53fb56b6ad1e1bb7ee1870b6345bcc4bdc461af9e67ada80febf7cd2fdc696e3281b98e5237c91a78c62f44deecb9555cf649c5a66fd04cd801ab4c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
f17ee9cd4e11794a45c088e64c2874ae

SHA1
21efda3ba401aa87e8780e30aba08a7f921854b6

SHA256
c179f357d3e55c6eb1c848a95773f366a6f71578fd0e16a688d20e23e9a408dc

SHA512
e90ec492664671f5d39411461564e6d573aee1e282869ddd56d6a6447cdbf89011e8d0806a6fe37d6dc4aee387a8c46a339791d2325e9b242724ba4b2621897d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
f5c1d397367cc423f5f44060831b09a3

SHA1
9b9bdcc821d4ab091d54e11645c3061a54965821

SHA256
99d64c667596091deaa29e35d7e89f47ccffa93495c6df1be7801ed7e8f09461

SHA512
faa732c92c7f696d8053eb8ee5a01ba5e7ea7bbdac568e24918939cd5e6f179bb53566aed7e4ba1336f43be75bafaeb507cbed28c55734196438bffd1cecfeab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
5cab03df0f5a29b9769b815dc8d05917

SHA1
1e7d1dd1eb6623d7915b63d464360bd02f089d6e

SHA256
c4090e453aab2df68d65a4dcbadbab4ca1947a8600d04582a91758a586cf5665

SHA512
eda18d7da3c98c29dc8997ac05324d927347e289fc218cfd7605482f5dbcda8b714774f8abbf6e36c5a683d72a67d373316caaf74ed9b31511baafce950df5ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
9ce1c4f0d4c0c97f3d550eb7b05d0ceb

SHA1
294cde5229ea793a33bb789b649b672cea0afd62

SHA256
7cc916218f2bcf1590d159f6720bf96ee570e8eeb952a098c95ddcb18822f497

SHA512
b5c1f0f422eddd778c59e438da8352300108a4be1027713a0036777232b7a3a68cf76289a6c0302f24948b9d92b45527fc9170c4659134e31e13cc4349e95e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
bdbb76305f639a8ec980518cff774585

SHA1
00295329bb93ee5349acaf29c1673cccd965cacd

SHA256
8575536ccd5c4399490e1d44c39ea8d994b220eb2ff9e14ccaec93a9b3d0caba

SHA512
3d4e6038a8e0c5a3e3798446730d84b02987b6aad0f6694b2a2a2d90a1ccdf63a8a3d025004225337ad969fd5da5ea64263944aae2832902687036e7e697592f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
693141f8b95672150182236cbe6e502a

SHA1
be93da1c3fdf6a820c1afe1d186790bd6131efb9

SHA256
01ef8b800b55288412ffbf8dd7198688a0d298df6c327674087a30b3d77fe289

SHA512
f4e9236625067563487162681b121234fb0eb7bf822efaf9fb1c248bb8abf53364f786c574114f4e54cb7546cb5af9096da97b8132d4a8b9fa00fc41179ef7a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\126\{276c8f08-a3ec-4bcc-93fe-66c86b1f517e}.final

Filesize
914B

MD5
42be2d91dc1832eaf1260fa229a36e5e

SHA1
8a9705fbc8e6b1d239e4830b985b446e8ba82824

SHA256
586ec9b20c107b3bc831af9a3999e6b040b13c0c140ac10dcbb150fe7e724c11

SHA512
ac5ba80bf723afc86efb632959236de0563bfc5425bdec4cc0039e38aa8c50848159577b1d7229da82d726cd93d069dd12e47c41378ecd5e51cbca2808b4e808

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\150\{6bc3ac71-1459-456e-8dd1-f6c658539696}.final

Filesize
766B

MD5
13bb7cafbb20a6fa9f4bc3ad8c6f445f

SHA1
6213a897213cc032762e499bfd0fce811c455e05

SHA256
424b5bcbd11ddb43282b3d0041b1664d12992994116ce6e473a8679e18043874

SHA512
b6c8715b80b32816fa1512a0ce86f8a4583d54f75a118e2b17f07a757a7012601b77a4ea3e0cc33fbede46d12780376a0616aabb71330973005c89507acf4da0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\163\{764a16d5-d0ab-4085-b4f5-98b0cbcf1ea3}.final

Filesize
463B

MD5
7004f20cae1adb3acfd6a2e66a249d67

SHA1
74f91d638a7a974894bb0502d62638f56b2e57b9

SHA256
8f503fb7cf36105221e29684674f9da176ae85019b82e889e70ca3f181803af8

SHA512
1b10acea9bc2ab27bc9644410439136b56af3a307b7b5f1335039b54603a78b4261685b14fee86b4572a0067c5b13218f0c6eeec9febdaf6c349db31447d9bf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\170\{c2813357-3ebb-4096-8844-c93ac2f11faa}.final

Filesize
31KB

MD5
4bfe8e77bd1310f663096697db87ae6a

SHA1
46b2e8c8ae0d646535a4dea56070913cf354ef2f

SHA256
85dd75f0fdea3b8a116f833fd7a44f24844fbbcddb01f444d445e3461d46ba88

SHA512
3bdbd35512cf5fbf1856a3ba21fe2dbea03ea36480ff5c6efc35eaad703319daf271ff4c81198a1796e7f96f2a058a9c7d79187f88322b6a9ccb2557f5e212af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\201\{d3b924ab-8003-4440-b3da-e6bcdf8894c9}.final

Filesize
496B

MD5
a60533e1a43b07c7b6b5d026896fa7d4

SHA1
a9eff8cfba426a21a39f4fc2f1078bb6e41a915c

SHA256
c2be993a36460471113c9c1c60b146f08591b34a033e62cde1f4a97eff18c639

SHA512
66fa58027edc3f8b371d80e8a4cea629bb81837c6437e756266418f900e897e052cef7eca4ea8ed87b71c79695c427914c8a3ce99226eecb24da435fe4078279

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\229\{f9b5e4e1-e619-458a-80d3-de53a6cd5be5}.final

Filesize
428B

MD5
bd0fb6c22ff19f80048e77c6eef33bf3

SHA1
bd9c8294f218dd922054d89698d189d377a9df3b

SHA256
54e87ae167f0372aab65ac65d6c69328bfc5e8ff440b3855852323b9e83d8b93

SHA512
c35d77cbe3b5408b6c68d782e0f78bdce1c4b801bff7156f67a1589e8573a8da9582f8c20351c105595d3d46a116c72e9acb2bbf8ab805c33120ab6d0ba95ad0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\236\{8b020733-b28b-4515-b95e-8a58f4ae72ec}.final

Filesize
337B

MD5
b46bb855075541f60eea8ad442f517b9

SHA1
ca4373bc0e8aed3b7b02ed851aa72ff40680b0eb

SHA256
a97b85742818490272f85519dbe775243b9c2fd83c0fdf7d9577ff1a8b6721ae

SHA512
8f788d7d00f20881c3066cc1ddfffc82abcdc0702ca004b0614a67ef935ea3ce7a74a87a2882203d86a273a69cb7b2cca8bfad7b0a0b6f546d75a3c8b274d7b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\250\{45096227-949a-4827-bc31-39438a87f7fa}.final

Filesize
231B

MD5
6de7aa303cf9221ae762ea40bdd4c2a3

SHA1
4d78038733358dadfc4d99a4e06547fef2480c12

SHA256
fa7935dbd66301c7c780ae92563943fdbdb04ee0b1a1641f30c008bfdb174f85

SHA512
468a77dfcbf8ee2257b1dbf8246977de7405631fc821579cb1c30b68e2f19bd8eac77ba4a2c3900e64e16cb10253781caa0346b972b547d495295563662ecfd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\253\{947d83b3-fc01-4a62-a515-25c278be55fd}.final

Filesize
889B

MD5
a7da4cb90c13baf8d8e9eb051ccea9e0

SHA1
6120025c6820a5a74ff71966e521bbfa66c8f5dd

SHA256
8b362cb4f00aac3423dc90d28871105d2436600b0ff8ad8309ff9296a826e692

SHA512
962f166a9658623a4dae5fc2d52b0c40472a3648b37d62629c96150fef28fa4f02ebdd7ea62529da9715d054f2f1f6eac9194bb0b501c2500595c2287cf8d8ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\35\{71f3dbd7-36f6-4f06-b7d3-452276635023}.final

Filesize
1KB

MD5
1ca3cf57769dcc70bc5b5bec5f472f2d

SHA1
dcad2370499395ff807e5f2bbfab69d7255b0099

SHA256
82f8ccbabf81006933f2b4a212dc45521bf512ae513ffa04140a776753f52be4

SHA512
6d016cfe9586dc6926c6d93b704949b6e12bb9ecf1b09da83e085cfc4661577b718376fb8771bbf5c5df4c75aca0fc8df55f7314e45efd33e6b95e5e00a9ca2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\default\https+++send.vis.ee\cache\morgue\46\{93643edc-f805-4918-9599-303cefd8352e}.final

Filesize
1KB

MD5
405b669e8079d96f7bcc412bc1c2e9b8

SHA1
708cbb4f6beee3f4d5f0d371b081c5c251601fdb

SHA256
19c8781adef7b3758fc70b15072ad164095d8b7bc6f30de8e5919283b83d140f

SHA512
4dfbda91b86fe59b77bbfe1ae4d193b6677d1d6c9bd25f691da0c05b60c25d1d0d2aceee347c3324afff7e7071f2810f74742752407fbc04a0cf247c359815ba

Download Submit
C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD.rar

Filesize
32.7MB

MD5
196402b1a22cbf412870d3dfa93f7f88

SHA1
7078241622eba22736d20d4e935222c1878a4f88

SHA256
d634fa713cd01106a8d417519881671c3232dc2e02e942298cd9610bb1617c5c

SHA512
2cdb222874a61b205ff774b48e4ee8879229270a34aa0f1120dcd04e850eddf209bad7308da17d47bf24fd8012ba65267c52c6bcddaeb363e87f8b29ca273f10

Download Submit
C:\Users\Admin\Desktop\FabFilter Total Bundle 2024.5.30 WIN-TCD\FabFilter.Total.Bundle.2024.5.30-TeamCubeadooby.exe

Filesize
33.1MB

MD5
3b98aaf495a4fe74781f5f319c705acb

SHA1
b951c5cc0906c9575de5ee7b0677c5b993a2320b

SHA256
38aaa2a63c2bbc8338c08cc05bf1d47efe1065fa72a214e2310ce217fbe5691c

SHA512
ee00471e20181592e9408b1fc76461860449fd322c7fd72f5f9f506e29d8396442df9216b781576e7d7a0ec77e52f228b4f868809ee509ef4f0e4fa3b7ffd521

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 466898.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
memory/1240-956-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/1240-962-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/1240-1047-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2388-1144-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2388-1053-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2388-1048-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/4932-1046-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/4932-963-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/4932-1038-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/4932-965-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/4932-967-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/5656-897-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/5656-954-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/5656-891-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/5828-1054-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/5828-1056-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/5828-1141-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/5828-1143-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/5932-953-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/5932-902-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/5932-898-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download