Analysis Overview
Threat Level: Known bad
The file https://github.com/fdh54h54h54hg/57547547g/releases/download/Download/Setup7.0.zip was found to be: Known bad.
Malicious Activity Summary
Meduza Stealer payload
Meduza family
Meduza
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up external IP address via web service
Suspicious use of SetThreadContext
Enumerates physical storage devices
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of FindShellTrayWindow
NTFS ADS
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
outlook_win_path
Runs ping.exe
Checks SCSI registry key(s)
outlook_office_path
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 00:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 00:19
Reported
2024-11-10 00:29
Platform
win11-20241007-en
Max time kernel
450s
Max time network
452s
Command Line
Signatures
Meduza
Meduza Stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Meduza family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4672 set thread context of 1248 | N/A | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe |
Browser Information Discovery
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Temp2_Setup7.0.zip\setup7.0.exe:a.dll | C:\Users\Admin\AppData\Local\Temp\Temp2_Setup7.0.zip\setup7.0.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Setup7.0.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe:a.dll | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/fdh54h54h54hg/57547547g/releases/download/Download/Setup7.0.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffd0c4e3cb8,0x7ffd0c4e3cc8,0x7ffd0c4e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,10692409567817706519,7372715098055604372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe
"C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe"
C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe
"C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Setup7.0\setup7.0.exe"
C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temp/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c4e3cb8,0x7ffd0c4e3cc8,0x7ffd0c4e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,557319325673593348,15952351933285770240,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,557319325673593348,15952351933285770240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,557319325673593348,15952351933285770240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,557319325673593348,15952351933285770240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,557319325673593348,15952351933285770240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,557319325673593348,15952351933285770240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,557319325673593348,15952351933285770240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp2_Setup7.0.zip\setup7.0.exe
"C:\Users\Admin\AppData\Local\Temp\Temp2_Setup7.0.zip\setup7.0.exe"
C:\Users\Admin\AppData\Local\Temp\Temp2_Setup7.0.zip\setup7.0.exe
"C:\Users\Admin\AppData\Local\Temp\Temp2_Setup7.0.zip\setup7.0.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1888 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed623da2-41b3-4206-a3d5-f8efbe1f8182} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e2c83d-1f57-49e2-8000-9d3acafbf173} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3284 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f4a897b-1845-4292-9da0-7290720bf87f} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 2 -isForBrowser -prefsHandle 3136 -prefMapHandle 2972 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a1c1f5-83c2-440e-a872-ed9354bc08a4} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4800 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4804 -prefMapHandle 4792 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bf27721-c9fd-404c-ac1b-39acc545bd9c} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 3 -isForBrowser -prefsHandle 5552 -prefMapHandle 5540 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60be8803-b76a-4398-ab61-2bb92b924bf1} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 4 -isForBrowser -prefsHandle 5680 -prefMapHandle 5676 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fccb6c77-1197-4674-a95a-4cb14c5f9780} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5972 -childID 5 -isForBrowser -prefsHandle 5892 -prefMapHandle 5896 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {056425ae-0e75-4522-9b18-f99a003e312b} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" tab
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\System32\PhotoScreensaver.scr
"C:\Windows\System32\PhotoScreensaver.scr" /S
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| DE | 109.107.181.162:15666 | | tcp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 104.86.110.128:443 | | tcp |
| GB | 92.123.128.177:443 | www.bing.com | tcp |
| US | 52.168.117.170:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.165:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 104.86.110.128:443 | | tcp |
| US | 52.168.117.170:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 152.199.19.161:443 | fp-vp-nocache.azureedge.net | tcp |
| US | 13.107.246.254:443 | t-ring-s.msedge.net | tcp |
| FR | 152.199.21.118:443 | static-ecst.licdn.com | tcp |
| GB | 92.123.128.177:443 | www.bing.com | tcp |
| GB | 92.123.128.177:443 | www.bing.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| N/A | 127.0.0.1:50113 | | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:50120 | | tcp |
| US | 13.107.244.2:443 | c7d84f23b7efbd821ebe69a5201636ec.nrb.footprintdns.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| DE | 23.55.161.185:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2.sn-aigl6ned.gvt1.com | tcp |
| GB | 173.194.183.71:443 | r2.sn-aigl6ned.gvt1.com | udp |
Files
| SHA512 | cb6c673515c446a4750e614aaa6521419d44097ef6eb99c5a795c2620b2bbc45eda508f47f5ae1280e39a09a87552debc77845e53cd31523047b44200c28256b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | f9d98245b7704b6db79372510f862445 |
| SHA1 | 34548a7121b92c47f2ba94e169b9fde84f187d07 |
| SHA256 | caca3c0871b5feef7ae7d887b92daa166c8b847135a57441ba13fb4c3bb8701c |
| SHA512 | ac09a315593adacc68cb4e531c33ea42bfa77de6ed71ee37b089402bea627858dc92c06311925137bab743686cf4814bc27d295c937c5830ef40c4dc5b08936f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ad57edab8848c1660e997935099e4c4 |
| SHA1 | d49f31836bb15e60ced44f26b9cf6192599d8c16 |
| SHA256 | 412c5b8987a98c3a09a0f0dfbe1418ba7853161d94d47d0035dfcefbde1b632a |
| SHA512 | e61e11da4e4ef616ba93e121651ea0ec6ff9621fdabfbbaa58fc080fc1ceadb056ec1859dfab74844eb2a75c0b6e47d49d8a5d6dd264718bc2692e54c5a2e606 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e6ae83763a803cacca988ace17e7556c |
| SHA1 | abb40f6a7253c019a18d55f01d5a3497fef1b70d |
| SHA256 | 690ea5c4c56da05a1699e97c77bd0c4272ff154649be3f71ec6d3fbb834d05d4 |
| SHA512 | 35958fe5a59204d79f451fd0d56ab66c7ffbc48a45a96cc176c70b46d6c7e0b8c5a3ab39a96c09d59c3e89009f498f65d6b3a46cc677a1c9b9813dc98d6710fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2cfd0f7d2b3b8732d33615b902ca4ef8 |
| SHA1 | 469d914c0ff86ef345a06525f2f3472e9ca2ca90 |
| SHA256 | c7267cfcb5a8108e9931b3b6dbc915955a1cef3e36b530e196fa6d914d27d5ad |
| SHA512 | dd5ecac788d4754645d767564714e34d250eb5646ad812d539941fa1afe60d3b56f0ba1c2f36b459d5ee9a22947881e7c8a6e5159d6caee4d0fba7fda4d5e6e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f5cd008cf465804d0e6f39a8d81f9a2d |
| SHA1 | 6b2907356472ed4a719e5675cc08969f30adc855 |
| SHA256 | fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d |
| SHA512 | dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\675911d6-1bec-4c0b-bff4-a67eb77e1049.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 214a65e61b2c17b34b4702192b071661 |
| SHA1 | 1d38f3f0af5cd18e24624fd2e542b808f2619e24 |
| SHA256 | 67c4b2ccc4fba6862c945cada5af01b4c3535f7b17cb128fe1cbe52805a3d0fd |
| SHA512 | 5762b3718f8154c1fd5439c0cc83a3398dcc15226231124ff8a2c9c6f3ea8d85fbbe8f2644a9720119992bd1079416031bc85aa5d7007481b9ea642bb75334db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 3ab2ded9706ce9cdde7b55fc0c7d1498 |
| SHA1 | cb547d9ed449b6c06ed2de53813df1fa035b320c |
| SHA256 | d438a3077145e97e1e98d710cb74d96afe94b2770c434b60a9fcd0a24451d519 |
| SHA512 | 0d72e7faeb0933fb24051a2aff668043fa4b8bea7c5d29c7ac4862246e31c9579573f5c137a58530dda38eba830e118c33ecfaec5f53ea95933fb213d0b87f59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375671599330997
| MD5 | e3ebc9ed015fd8bc0846279c2d95bc60 |
| SHA1 | 9785a10f7bb7569f6932a887e689d848f9a299d9 |
| SHA256 | 1962f08d7a40f1bb0e813f88f2a01a7f23b34552c97fc3c10eb8f84f9580fb44 |
| SHA512 | 6e5380a3e037884d8dbd4764cfa3e32b4fa71a7db68f7bc8ec8de29b145873fc2db27d3aa594669a0c5889b354bd629e5373f300df3c70a1d0b22bff80b6dc13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cac9b3fa8d9bc24e9a49faee780235fa |
| SHA1 | a6253ef0b8c96f9bc03330bd390eaa2d7d7d657a |
| SHA256 | d1a8af3ee4e683e42d858cd465de28f15886ee6ca8baabf47f07f653ae27d8d8 |
| SHA512 | f3b9c4f08d7387801d1635235c2494a41e1517c218721b2371266c8051f03c9ee4177ed40be22ec8d7a21c9304b96907bcabf7e88e80ab88c8de1719844f2c13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 12333ba63fc93e515fc1f3a97631f6c2 |
| SHA1 | 3036ca3e8200a5b432325214a69327ac54ca93c4 |
| SHA256 | a84db03bf4126b852c3aeb05f23630c97158dfaa59f308f99b93dba7ed6dd07d |
| SHA512 | 1b1357e79ab2659e4ab9aecc050d02ff7eb10b7eb5e722382ab899135460da4137e0cc53990ae675f2bf3e2819c959cbc770f41dd829e00bcaa7c5b762df634d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 39bfcf3cfbc436d4881e027bd2c0f59c |
| SHA1 | 4431c3ed87c8410f5008e0baebf09d6576316c9c |
| SHA256 | 9ee69650ea015f234db03f2f9929c78c9e4885a911ea219c6c46b1e20d5f658c |
| SHA512 | c580a78dbbc172402ece17ed49bdab4ff3deabfa7120300d1a25a0dbfadb73a4352d0b4edcabaceaf0d5287f263f98fdad7de493dfd3dd7523a5c76f93607457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 98eec8765c8cbeef71e36e03df0837b4 |
| SHA1 | aca33d741af9784f8c2eeff7991c737d185b499f |
| SHA256 | f5aa3d299e04ae30c3dddce0e76ad612b5e6f64859ff89d2099b9b5595998914 |
| SHA512 | 0d2766f391c718be5928181f29de3ff8d86f54bf2e7f0a29eed6618c80a554d752675b003350608f105cc16ecd332d56910071c49b0d1c0b55fb020bc74a3d82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 508fd62750250d4e159ab6fae75c084a |
| SHA1 | 7b50b204d1d9a93c28c29eba11cb64a14c77cb2b |
| SHA256 | f942b3304241aacac9c3674b32c0c022cd5fa27957d8f5548fcfe900fd700b19 |
| SHA512 | 82289e39db69312145bfbef3c63c53fa49566e6aa0507fcdbd269a026ce364880c314ceb7da31d2ae84b495b84749ca547a112b2eb803d5082e403c4433cef8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | dc43dab014461ba8b730cb81289d0139 |
| SHA1 | ab0f6f3c026cede19392a661cc6c382683297e37 |
| SHA256 | b57198504616dd36e71ad1496ce6139d3f6e46cde40a83f3321dcf43faebadd7 |
| SHA512 | f9bc9b4aec30ce6d4336f40f835530708132ff3b1254a5b9d7d5532c479a06a58489fcdea93a6d4ff06e6af8fdf59bf0f581c533b4cc0568e37bf59235dd993e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2f975c99adbf062d4f5200abb97fc2ce |
| SHA1 | 5c7837508700b634953959109b4f98c0c11c621d |
| SHA256 | 65c853aa4f96f16d8e62a10a13d9212c71bad718d17d8a45618102fe08993f2c |
| SHA512 | c9b3dc274cc61ede4f167394563bf4e757862edde1706d267d0e70a7587c0e229486025085684ac1abdf3aff6ddec752a7b3504c0704eb763ed16b90317e7c41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | d3532fa3341920c3a5b428ce11d15961 |
| SHA1 | ea6bf4f71331c01d59c2ae6c50a43f52d4f053bd |
| SHA256 | 51a9c7e5ee54d3af7ed068891688d9429afbcaafbfef753d314e539ed2546d4a |
| SHA512 | 3dac39932780b9bb811703ffbba768c526ced59ca9fa23fbb762f9204b6c9f26c11ad1d6f52286598aca701b6e3f33162fbaaa6cae704556a60316ce6d1eaf29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 5d2014829d83e495a54d0a6501107134 |
| SHA1 | cf8a1508e67a6358b5cbed7e9f7e34a32645334c |
| SHA256 | 1773ef819323f396c94e104559ad6e0a4ad95a69a5b4fa429f3bdf4603cdf86c |
| SHA512 | 02b7c081b7710ecdce8921eebfa58e4b33dee7994fbf6d9af5bb7ae187c34bbdcf28f2ce8114b74948cfc519e93f74d5b2f6db6a08212b47240344f5e5ed193b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 04c236c58dcd6b131851f621bd9633ca |
| SHA1 | 9043efb5bae8fcca88d046816d32b0c908eb3f79 |
| SHA256 | fb24a157dbcc77a8b9589fc17d9549f7dcb329696f30039d9333ac6a93675742 |
| SHA512 | 13d7b7df2d0c86b37a153e89f0eab61c789429d96efa1898a610503abab61110e3e1b3944b36b9893c8835d6ea0ab13f061affbba162e905eb2ad9e0d712a9a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | fa1af62bdaf3c63591454d2631d5dd6d |
| SHA1 | 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466 |
| SHA256 | 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d |
| SHA512 | 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 753a4726b3bc0fc442f1dbf11676b86b |
| SHA1 | 7ad5be9047e80a874f2fb0ba383eb390e1197b23 |
| SHA256 | 2dd3c16e432a841a09bf2e6ee716bc3d56877b7faf75a63e0c9947db11efbf74 |
| SHA512 | a541bfd0e8700dd53166c650cfa05edf02c2e2f054dfbfcf36d74c2e8c0efd3abf0711e93f66dc8031a3a8e3facaa3701177b12ef61f10d49d33e4a627addf89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | f042123e93b8f3b479df73f861fa5fe3 |
| SHA1 | 711d2ea41e0638254e4068ab18ef1f6d8e782251 |
| SHA256 | 7660adcaac2d009e9f14fd4928a46359bdcedc3217a48bec3195155823fe5ac4 |
| SHA512 | cf6249e6d9332472b7367711674d5c9898c12381d2bcd7407cc4be66bee79f7dfb92831b0d45d4a7abad79ed53f5403d4aaf3834ffb4b723f0c281cfe221bdc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 3aa77506c28437a47c7612681a7f7f02 |
| SHA1 | b33f88a0e7a2e062182b25a4bad05ae5804a665e |
| SHA256 | a286fc309be38ec0e9238e4ec06d88fbd491aa86de92d511240a07e6c0133fc6 |
| SHA512 | f34c21574cdc02d627690290a942ee4ee837006dabf1300b6b5b2e44e9e2fe2fe2cb64f8cd9c43a5e1db5cbde78543aea70aba5524c989b6653bf8bf862d9738 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 030006fcab3b5716cd8935313122abc7 |
| SHA1 | eda5dd5bc1412ac8e3e623e5a947a91476ec312a |
| SHA256 | ab853d45d585a27e689406d6cbad8bf885276173cfd51504fa55987f27e5319f |
| SHA512 | 8cccaef82b6b374b63da33c80e49846a045ca87eb1cd4e71e0279c46957d663f204c38abe145ff6682d16d13bd870873d9942243cb5ef6dfc4da2d3128abf41f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 074f947f79be1746aa1d72ed8a28cd34 |
| SHA1 | ff6f60089882d2af91e6158b5b315b9cd4a1f862 |
| SHA256 | 9e2b6c727d1a745b481d49a5e039934d191f539ff4c83dcac43a82a9933a68db |
| SHA512 | 3f731e139d50215b348619f361c336dba75780e8feaf5d9734dfcae47fc126bdd2325e8d58bdf4a802baf825c2f74c3ae1bd101ddae123ca7c64863843e34500 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 57e879dda93533d4a7dad0a5a95238c6 |
| SHA1 | fbd8772d5d5850248417f52a35a4f0baee8fdc6a |
| SHA256 | 61515c6e54786fb6de6d4d0dfa5022c1b79231e4327e26e95af41ba70854cca1 |
| SHA512 | f1bc98edd140a7aa36b45b3e5cc2a55455dabf6d84330d3652f76d6956396f6ace2c547eff523bf34c2c65008518f5038ab7e4885319c0bc92ec83ba41211d89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375671599143997
| MD5 | 60cc0820eadb3a9bd6aaddb328237304 |
| SHA1 | b40d3080f80326c065c547d12f873f2f201fb8aa |
| SHA256 | bd1267ef7e994ae3ccc5c5f3ae3383a5673cdf2be96771b12637271fca2a658c |
| SHA512 | 4fe8a54a38a67c013b6577680f9b1d273831c62ec8e42dd905ac6e793bed20806636c012960b7b96ca29e9cc282df27f61dca7ed6992e227c8da0396a0b6cdff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b81a95122ac8eac0563b94fc05c99fdd |
| SHA1 | e6b1c014fd6e40f212d6fe5b06f80dc688918b9a |
| SHA256 | f6cda6cf25442bae85171d9c464547c6c6255e7228b2002b01fd6b9d56f37518 |
| SHA512 | fdf31a01083889498f2715ddc686b1d3fc688cf52ff9baef05fb54b125ee26fa40d8ed7a6ebc02c547c2cb22a3ed01560c83247a87061dc38b4537bef17aad06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f85a5fdb843b291b9c05bb96bb4ee9d |
| SHA1 | 8c2d231ba12d37df8c2081aabcc7d0b17d0fc720 |
| SHA256 | ee4c88cd36afc7244fb25a854218147bdb7ebd5e5defe4984fd704339c5aa3b5 |
| SHA512 | 0e2afb716d38ed4c9f6231fa95ea6f4dce72de7ff7f5088e9b17cad7421522d00fc89ed3126a3cd0acab9609d09d268c3be7c829a6522f198560058ca03a598e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0af7920878b30234eb1642e14b1c9a84 |
| SHA1 | d55b8de170cf293fc523d2ccc4f68fd2d26dca92 |
| SHA256 | 9e14dd09f4467b0e79416dbf16de1e3dcd352d4a2447f5a7f3f1aa105aa9eaa5 |
| SHA512 | 006b38fd84a13854593f3af6f5369f87a2cc6793bfe1fe2d84db6971377adfa8cc536cbaa8bcd863a45001d29f89f2bdd05198fd37f30d7ed4158384572bf1e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 0883108856685f5d483772ed4d84c777 |
| SHA1 | 0c4a32cb64a4d9056d86d5f0aa6fac700403e819 |
| SHA256 | 55712f76c9eed948e53fe46d2960101dabf9cd2edca0fd17c3c8de4fda92d410 |
| SHA512 | 93e3703f3a7e9209c1e60b7795931a94dc76c3a87244c49e1d50f0df0f52bc0f9aebfe1239fbfd19b9836e418ca5face45dd7ed2d1e1b759099c6787a28400c1 |
memory/424-333-0x00007FF7228F0000-0x00007FF722AA5000-memory.dmp
memory/3860-334-0x00007FF7228F0000-0x00007FF722AA5000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\7bf75386-b09a-4461-b9de-5bd86f34fe82
| MD5 | 46c65acfdeb5e5f5e34c589a0761db39 |
| SHA1 | 469df2ab1d311f4d26b339e6fc91d1b19ab6cf43 |
| SHA256 | ab27639e3f748d2cc749a07b2844e4310e7ecaf620bb4dee6c6e8fcd089f6153 |
| SHA512 | 27673a63a2142e60be71b41e69a4979f324d468a3ebc90e582aa3a7b7bf833c6ee634398deda11c7f8785de131da21ea2f65a1da31f5574a02f07a44e042a537 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\f29bf608-b641-47c3-8768-0396ffe115be
| MD5 | e5a4f2e9889bccb530de72cdfb18caaf |
| SHA1 | e45732eedbc6cdcfbff93a5882c3b2861adfe3e6 |
| SHA256 | 073bea954e1c0dcadea3d425a6dfb0d791f9fef57eacc9988e7625254f4d086d |
| SHA512 | c253f4edc9b66b14c94e01e9965eac7f8650a07f2ff9c665fb095222995bdf939a1eceab83c070ec1aa0e9a9e7aa6e1264f90ccee6ae8ed99ae4a26f1c426c02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 778a950580fdcbb7567c40c344978ebe |
| SHA1 | cf82371949a4d3a69aa70bc65ea3ada2c5723fa4 |
| SHA256 | f6ccc73f5f52c2092309665925afa3f6c057daeab15068c67370664ba810223e |
| SHA512 | fafacdba04a2835861a76f3f0a62a29f0f639bd00c2a4eb0bb479a8df351efd204e6e250192b275c77a3af9839de074864b08a68cc2ca30ffa9eb607041390cf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json
| MD5 | 9ff56dd5128ec08fbbef3dabf648a7af |
| SHA1 | 955f0b5ff63883e8dac1dd7e879b44e0529717d9 |
| SHA256 | 259da1abfd84c7355d86ff0131c7e0e76e9f7e6b820f69a52118b6bc668307d2 |
| SHA512 | 72c7a688d9b3e8ea7c67413c6f9cdc10b46c2227b201f82bc1ff0911b8d7eb875a2dfc166425299dd24dc95bd8ba75174219d577700c8fa250b97ef2ad4e0d8e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | fcdf3f6d75be804278691add52ffd235 |
| SHA1 | a8b57e4b565ac8d28824e680b11bc4d225676be2 |
| SHA256 | 14badbcd16b4ab450c469007c645d8569ef9dc3567ce0aedb4cd701b1465284b |
| SHA512 | 18e5c05dbdae8fd80b756d25c809b70a93260acea2b51a577b8590aa6a82ccb0e1f9d36208eabd84d2903666d226ec0ba350e30bc6cc74f4600994fbda4aa6ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs.js
| MD5 | 80626aebfc3b6d87c17833c970a42788 |
| SHA1 | 4d5290a8b686b97b87c9a01788f711842ad27dd8 |
| SHA256 | 28b80535a3f29066bac7e1845e866fe79abf8c14e55ae5c86c5034a84f51c7ae |
| SHA512 | ae79543a9b2b5a04191c88bdafd805b37f1bf81a99d17039a5f9ec214c6a579a894741b4418310b354327e95d175ea30c5c8dc1b4b80648a9087961ec7e0e906 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
| MD5 | 0b6ecec3309520af102b4050b6690be2 |
| SHA1 | 2a997413aa51746df4ae14a8b722f1d93560ecac |
| SHA256 | 2f20a27f3a9bb64aa7a84239a6e38450f79e3a04fefe669fdfd41e960aaaa13c |
| SHA512 | 033ef80bfc236012e6da5fe32f61514f1d2d9cd2a2f87d6c1786010d3c8853da14377c589cc9558144409aac4a443b64c6a80c0e9ba7dcbea707c06383d86cf4 |
memory/4640-625-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-627-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-626-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-637-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-636-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-635-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-634-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-633-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-632-0x00000289634B0000-0x00000289634B1000-memory.dmp
memory/4640-631-0x00000289634B0000-0x00000289634B1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0206629fe85ffdcf1c2ef8bc8e93f862 |
| SHA1 | cb161f6161f13aef580a24ac3ced6f3a1b86a36d |
| SHA256 | a6ef7ea601ad40e89bffdfb0a4d2f328e17e27b5debb5594cf590d8c0fc48a40 |
| SHA512 | 723bd1fc79166e3f848b6bfd09e002f05c5411169d897a385d85e9abef9d98fdadc124ea8a9415b226d80588d137d8ec5399a349c3b52dd04991720996c4c160 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
| MD5 | fd1de5682853d83100488ea02d16c8c1 |
| SHA1 | f130c5a944c4825595f40ec0abb17bef8e577d0a |
| SHA256 | e34af6d57d165481ba04a33a75620426535e2ccf2b0abe0eb86c1facd6932828 |
| SHA512 | 2c231bdf2f78dc9ac2926d1c261a48cdf2c3787ce32476dab366644eab7a0c498d79b276f13f7ec55d42188b53949faf55ccea58994b6dbd68b155ad2670a2c6 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
| MD5 | 42df039682855ba857d40180a7c97bf8 |
| SHA1 | 5811f12e6b56e0ba17398d14f0c14716f3168eb9 |
| SHA256 | 215845c1a35ab6259460d4b85fd0e489f943f45ceec2c5d513d278021279b550 |
| SHA512 | ca1d8d35b2322dd44c9dc83b6a0fdda29f7e91930ebbc5a86296613a1d4c66d61de5aca6fab916b2c88b638d5cd2fcbd9bcb35140aa91cff64b7eb512bd287af |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 6161ae9b2a9ed8e82b9d2473ad082372 |
| SHA1 | b51217c3f3208f666c2d0f049fe55a8e844875ce |
| SHA256 | 6a41183dc9f2aa320ca415cf794ec24913d80389805b07e6a8cb3831f83ddddd |
| SHA512 | 3096e9baa0062e6d6a58cd732df95344142977c9717d16cfe11aded9f562d4e3735db335b8b53abe176875830040b76f75f39c0e31207e31739ed04d151bbfc6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionCheckpoints.json.tmp
| MD5 | c8dc58eff0c029d381a67f5dca34a913 |
| SHA1 | 3576807e793473bcbd3cf7d664b83948e3ec8f2d |
| SHA256 | 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17 |
| SHA512 | b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4 |