d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403

max time kernel
368s
max time network
428s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11-12-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoIt-Extractor-net40-x64.exe
Size

1.2MB
MD5

205792ce0da5273baffa6aa5b87d3a88
SHA1

50439afe5c2bd328f68206d06d6c31190b3946c6
SHA256

d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403
SHA512

186f2fac650ee02683c689b0c04867a30330a5475475b106a2aaaedc5e2fa3c9325cf07a2c5321044f5aed1502d729d1d9537ac57bf7733cc228c44ceaba7821
SSDEEP

24576:pcdWeAKpCklFpaQ3vGvW68WxOFxT6YP7KPU48YNL8SsbJDeAKpCZG:QFAcdFpa068WxOFxT6YP7KPU48YNVsbu

Score

8^/10

discovery execution phishing upx

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 2 IoCs

pid	Process
6816	winrar-x64-710b2.exe
6644	winrar-x64-710b2.exe

Loads dropped DLL 26 IoCs

pid	Process
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe
3300	winws1.exe

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
476	api.ipify.org
477	api.ipify.org
478	ipinfo.io
479	ipinfo.io

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Start PowerShell.

execution

PowerShell

T1059.001

pid	Process
3528	powershell.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/6696-2096-0x00007FFA08EA0000-0x00007FFA091B2000-memory.dmp	upx
behavioral1/memory/6696-2101-0x00007FFA08EA0000-0x00007FFA091B2000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\910b6ffe-4d84-4427-b906-2cefd78cf6c1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241211153238.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
6900	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 200000001a00eebbfe23000010009bee837d4422704eb1f55393042af1e400000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\NodeSlot = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f44471a0359723fa74489c55595fe6b30ee0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DiscordFix.rar:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 274764.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5288	msedge.exe
5288	msedge.exe
3448	msedge.exe
3448	msedge.exe
5800	identity_helper.exe
5800	identity_helper.exe
6696	msedge.exe
6696	msedge.exe
6840	msedge.exe
6840	msedge.exe
6840	msedge.exe
6840	msedge.exe
5336	msedge.exe
5336	msedge.exe
1708	msedge.exe
1708	msedge.exe
6496	msedge.exe
6496	msedge.exe
3528	powershell.exe
3528	powershell.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	4380	firefox.exe
Token: SeDebugPrivilege	4380	firefox.exe
Token: SeDebugPrivilege	4380	firefox.exe
Token: SeDebugPrivilege	4380	firefox.exe
Token: SeDebugPrivilege	4380	firefox.exe
Token: SeDebugPrivilege	4380	firefox.exe
Token: SeDebugPrivilege	3528	powershell.exe
Token: SeDebugPrivilege	3300	winws1.exe
Token: SeRestorePrivilege	6696	winws.exe
Token: SeBackupPrivilege	6696	winws.exe
Token: SeDebugPrivilege	6696	winws.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
1492	OpenWith.exe
4380	firefox.exe
4380	firefox.exe
4380	firefox.exe
1492	OpenWith.exe
1492	OpenWith.exe
6816	winrar-x64-710b2.exe
6816	winrar-x64-710b2.exe
6644	winrar-x64-710b2.exe
6644	winrar-x64-710b2.exe
5336	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 1792 wrote to memory of 4380	1792	firefox.exe	94
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 1780	4380	firefox.exe	95
PID 4380 wrote to memory of 2220	4380	firefox.exe	96
PID 4380 wrote to memory of 2220	4380	firefox.exe	96
PID 4380 wrote to memory of 2220	4380	firefox.exe	96
PID 4380 wrote to memory of 2220	4380	firefox.exe	96
PID 4380 wrote to memory of 2220	4380	firefox.exe	96
PID 4380 wrote to memory of 2220	4380	firefox.exe	96
PID 4380 wrote to memory of 2220	4380	firefox.exe	96
PID 4380 wrote to memory of 2220	4380	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe
"C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe"
1⤵
PID:400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bed91e79-f4b6-440c-b1d5-b99150ae52d4} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" gpu
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cd1a562-eb9d-4e88-a0fe-5f44555b63d5} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" socket
    3⤵
    - Checks processor information in registry
    PID:2220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2792 -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 1604 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5648e7a2-ec94-44e4-bbb4-600518b02a64} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -childID 2 -isForBrowser -prefsHandle 4328 -prefMapHandle 4264 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3255502-1127-47fe-bd94-813dfa66693e} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4852 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4932 -prefMapHandle 4928 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdfdbf04-d7e9-4997-b17a-56669b487b7c} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" utility
    3⤵
    - Checks processor information in registry
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5196 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 4224 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34046f17-53d3-4db3-b5ac-1ec7f274f4d7} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:3660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5172 -childID 4 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bafef94-f170-469c-861b-9763287fc87a} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:1044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7110884-6668-435c-95f3-832097ad41f4} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:2520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5152 -childID 6 -isForBrowser -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2820dc39-6b69-4dbd-b237-680678cb6d0c} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6436 -childID 7 -isForBrowser -prefsHandle 6368 -prefMapHandle 6380 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c1dc05b-cd46-4f3f-9cdb-43fa88a047e4} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6552 -childID 8 -isForBrowser -prefsHandle 6332 -prefMapHandle 6240 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f79b412c-0580-47fd-a805-00387927b196} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7040 -childID 9 -isForBrowser -prefsHandle 7064 -prefMapHandle 7060 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc25cd5a-6834-4bdb-8c1f-04955b8a4907} 4380 "\\.\pipe\gecko-crash-server-pipe.4380" tab
    3⤵
    PID:2128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffa0a0046f8,0x7ffa0a004708,0x7ffa0a004718
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:5716
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff730275460,0x7ff730275470,0x7ff730275480
    3⤵
    PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:6384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:6500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6696
- C:\Users\Admin\Downloads\winrar-x64-710b2.exe
  "C:\Users\Admin\Downloads\winrar-x64-710b2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:7004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:7012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:6284
- C:\Users\Admin\Downloads\winrar-x64-710b2.exe
  "C:\Users\Admin\Downloads\winrar-x64-710b2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,7503766890555188770,183364864579145940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5600

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\af0dc63daec84a62a21f2eb1273e4bac /t 6820 /p 6816
1⤵
PID:4164

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b35c285a25454ea8bcb71f7d83af24f9 /t 2964 /p 6644
1⤵
PID:3220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4328

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\DiscordFix\discord.bat"
1⤵
PID:2264
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:5128
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "Start-Process "C:\Users\Admin\Desktop\DiscordFix\bin\winws1.exe" -Verb RunAs"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3528
- - C:\Users\Admin\Desktop\DiscordFix\bin\winws1.exe
    "C:\Users\Admin\Desktop\DiscordFix\bin\winws1.exe"
    3⤵
    PID:1100
  - - C:\Users\Admin\Desktop\DiscordFix\bin\winws1.exe
      "C:\Users\Admin\Desktop\DiscordFix\bin\winws1.exe"
      4⤵
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:3300
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:6900
- C:\Users\Admin\Desktop\DiscordFix\bin\winws.exe
  "C:\Users\Admin\Desktop\DiscordFix\bin\winws.exe" --wf-tcp=443 --wf-udp=443,50000-50100 --filter-udp=443 --hostlist="list-discord.txt" --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic="C:\Users\Admin\Desktop\DiscordFix\bin\quic_initial_www_google_com.bin" --new --filter-udp=50000-50100 --ipset="ipset-discord.txt" --dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-cutoff=d3 --dpi-desync-repeats=6 --new --filter-tcp=443 --hostlist="list-discord.txt" --dpi-desync=fake,split --dpi-desync-autottl=2 --dpi-desync-repeats=6 --dpi-desync-fooling=badseq --dpi-desync-fake-tls="C:\Users\Admin\Desktop\DiscordFix\bin\tls_clienthello_www_google_com.bin"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:6696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cc10dc6ba36bad31b4268762731a6c81

SHA1
9694d2aa8b119d674c27a1cfcaaf14ade8704e63

SHA256
d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f

SHA512
0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
467bc167b06cdf2998f79460b98fa8f6

SHA1
a66fc2b411b31cb853195013d4677f4a2e5b6d11

SHA256
3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd

SHA512
0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93738d72-0120-40b3-a0bb-cbd5b8d746d7.tmp

Filesize
24KB

MD5
3b964859deef3a6f470b8021df49b34d

SHA1
62023dacf1e4019c9f204297c6be7e760f71a65d

SHA256
087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5

SHA512
c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
68KB

MD5
7057bbea327b8a1ab91aa99426d71557

SHA1
486262c0277d0a5ac74ba889722345488e817f3b

SHA256
cb13a106b6efc6fc5121d233391f66545575660ea00c36009348671293677d3b

SHA512
5b0a8bf662f0a9356ad08ad8832d82398ecaeac5464e20f6e760895b5f0898f85bc9d6f6a926b3d5284cd190214dc6868519cafb03a4ef2570298f87031a8633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0bcc01432c5ef2a98cde7796f2ff37fc

SHA1
dc88d5b6deb4e238c5b5854f54b87d3551f7ba00

SHA256
97f1303d1655399875be6f181d057f53f051ae301ab907b950f933bfbfeaa4c0

SHA512
de9fc525d30c93ca72742ed124b042c41783cfbd38bbdd5181502fb8182942c50c11535983d22d67ebfc69983352064a150fa7f06d42f76352d77f6f620d56b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cf024bd121c5fffc2ddb0e92d3d3eeee

SHA1
ad39c8d006735d8779774f011a02f2c0de1680d9

SHA256
3734cb2d1127782dc3686f10c2f4c09bb7fdcac1b51224c743e07d306ed52801

SHA512
a448e53c5e32330429eb76e01ac41f494c52affc193d70c2589f3bedff3b468207cf3921664f56ccc6dc324a9e1dc588ad2d5122ad88c491047a006fc9130741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
baf72de2420fdda6efd2426c096e02a1

SHA1
f5717d1ea6070fcbae348a64c13ac1e64b38b5e9

SHA256
3a628953682f6352232f8edb7ac30fa58aed52f5bc8dfa258b58bf4804dc7a14

SHA512
a38fd03e0edb1f72993b85d711e18ffa5c4bdbb84d26b9c584e58575a54d5621965580f2350dc3c0efdef2f58e4807ccf5d5a46348b33eb7e80d08ff63de7ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
967123c356fbf0f643f5fecdb41c235e

SHA1
74c956f361c990b3fda33473dfd4622530ff49e0

SHA256
b23eacfb80895bee8c1c77ca9ecdc07e2cfb582a728570c41b75f5ec9be1b21c

SHA512
27b56f05a27e166db0dfc7b4fdaba7eedbd346e5402c343e3a8a8bbaed83f308362b8ce0a18b118f67bf37ff0899545c4067488e2e3ea6fa23f2b5e0afdd0f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
617B

MD5
b4d86ed3dd8f336bb4ac1ef5a17a323e

SHA1
3f7fbeacf107c59138944df861a7f49c44f355cc

SHA256
f780ad0f34156b3b2ef492df2d426f5af3a740940a107bd93631f7fed69041a3

SHA512
b90bcd9df6a29d91138062a7e75f52b42853ee68fdeabe0aaf891abde0bf5f72d488463f4240c0007030e04071eb53c48c7552df7d1d1ad10c386e3f839daa68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
883a437015cd60969d680b3969574216

SHA1
aed0eba994c64f5452e76b2a564662bb6b4efb7d

SHA256
e900b368009a609056c73aaefd0b89c517304de18b129dda606fd9e9ee9d0ac7

SHA512
182c6f0ceaed62ce68066c4785752162143d742a4dbd51a1a76e5b0595bfa01aedfe6f8c32cddb7564434c0b98f6adf91eae30959fb245d8b8b429cb0ded77d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5a1ad4aa05a866f5212033cb85270c2e

SHA1
00981ff60105d16ef6f49a657cb8185de2cfdf40

SHA256
6b871b72fad2b48cfe314e2422acc5d638a9150c562ef98aa689af6fcb4f6877

SHA512
12686c5f0140fa2b069e16cb5a56cda204a5014c25bb7cb6dc0d2595e962b57453d66840d18a6a85f84674751c01cc50d490662af5cb7811bbf9b7081aec1d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe61343e.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b7223896eede2d6ef8638c317f89e15a

SHA1
f20fea65de562844eccafadb2d122935c947b06e

SHA256
eea185b858469ce375bff8dfb26a843004cc5fd5abf9b6d897c6064f4622a0de

SHA512
65f3b077a8eb66f3dcc4c9092e0a0e1f86777ae7507695dc2f9417ffbe49c367fce5517425b985cde94a4a081950d617931427ade751ef6b8423eb3e64d253e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b55b4029b64a16ad81ab406940239ea5

SHA1
0d60023147d25c31643252a5dc1ce432d8682fd5

SHA256
b0080ef42791fcfaac816ff77972c9dc09ac5a66b42fcb4bedda2858de272086

SHA512
95e9cf282ddb8fed3094cda8a2469f15ea9c09252f0db0844d68dae3d2424e783b2fe65d989527c2c1b5b0aef44d5b923ded1e7ac12a541bcb39b769f40e5e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
ed4e63cdb2e094639a86f857cb5e67a6

SHA1
1e85337035d6fab49113cce081793a31e35e5ecb

SHA256
1170185b9543a22f1dab1cad55fc9ab791fbd146ebd2987c13595dc417a4fef3

SHA512
1586d24966e4410b62f7de086af025c6e729f0d1aa839bc806c2afc2a03c3546d2bf16b946de75b94305dc41a656b04e328bc3f73f61d7bd10a4ea38684fddde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7472cd340ee428591d9ffef11c66f251

SHA1
843a2179ccb3d6ae66aab36169273901d63b97c7

SHA256
701371ec48f0011ee3e74b60d27c5f729cbc5af20bdd6521d35641b0d0344b8f

SHA512
6868f3a61c77f5308f0dadc24847b326d8c1c6bf7800a3243a8b161c6d81fac21ef3f581d47c57a6ed6f7b4b07ab1e0c0403f8e8d847ee5901dbce9e15cd318f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
15d0289cdfa14e390da67800a7bd9088

SHA1
3fe76f27c9be3d6cf9b6c36268ce950dab8630cc

SHA256
2258d2261bc728bec2b6f279f69debf1c2aec37ecb61d6d6e8c7e77e5bd47c8b

SHA512
84655d08b8811f84df299873cbb29eaeacf1624ade311b146684e2ddec96829dd07323a2b5d52ac31c9217d0f4f41dd2c1f7772976f0825ec1a5e3364c6ff5db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed94a04785e251d35e7765f7e6718a81

SHA1
0525a9deee782210287ef747258200010dee3b1d

SHA256
ab9872fcabdb195368febef24825c902e6e239c67e167cb88e186777507e0efd

SHA512
eddc4ff2abcbeaa500dbc772d1dd8bfc26d4cfbb96f1e76d150dc437a9481cffcb7545d1df77691586e51cc4794d871f09bf2993c0ea3b44e26990922c019f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88502d6a036c6239547c1be2aa871c18

SHA1
378841440f6b089d2621d5a5ebf2fd12bd393b20

SHA256
6a880692436a1dd828c11d85675fc40a8df74eb341c49aec6449f57a04902276

SHA512
ba63bac08d1be6755ceb50b74b5099234068235b2ee49661806f07a8d943baf250012ccd716d62b17b6d6e29212646770d8e16605308677bf62fc787ce1b5391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5c2d5c900312f44e72209416d45723cb

SHA1
68fb8909308589149399c3fb74605600833fbbc1

SHA256
56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8

SHA512
07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
58abb803661055b90b6ceb396cc495bb

SHA1
73dd0bd400f43e31bb08b017921db836f71609e8

SHA256
ff5fb4f6015be1dcd1460ea4c19a395a44ea9c13604db331c46b4857901578ce

SHA512
9c19e8ba72b2001bd7790a2c5338f31c846baca7ca10df9f825544137a3c33a2b109d1681e7c5bd5937e3ec4920f9378393580af55af3a74ed60c44c4437c37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6188361aa5a9dc248d4a48671d4cba5e

SHA1
1d3fd71537d129fa3a4f5548493550dee214b7a8

SHA256
a9530bfbe8876de8b9a939aa76a804d198e990da27ae6d8809553da04b58bd0f

SHA512
cb1c67476417fcc24da549e86f2b2dfadd1c20c03b4904f68091443b63f129ee9a084a54ae61a8c4e1738cae47743a8f5a28cf90604915ef44fc96b9e261a6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e4db464dbb320123ab2761ff685f7a96

SHA1
cb3106b1803a2f660b5951a07b88ab4facba4f72

SHA256
1de91e6c48a950289a4e7cc9a1feabad7a2f676e7e0fdfc2f1b684bd34f0ac45

SHA512
9de13cf8cfc822e7ff73be6ab7113621b7e6f141e682f721b1e7119758cbfd2d68f96077bdc5ed549b75279c48e268d569a27faf68d91d76c0d944f4753a8dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e46f8faf15a634ffeb3052896fa1e6cd

SHA1
e64fe6a8e5c178d5f11888472b7efbc36154fed7

SHA256
c7456e4a742afce52ed6166e89d7c36b99005e250539d64b7a821e9cae6b779b

SHA512
409110f524c779204dae55efcaed95163bf1c573be93c7d17ae5a3c1cae6d2e1001ad827606514163234d7bed09e997d52c68da26f82c39f3f92db23d9ad39e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0593d39917d18c3df1d540962df69458

SHA1
ff89ee15e22387fa93712d1273a440d00402cbf8

SHA256
5a2ef9c2a2b5c1fa8be8b202f9672eab8d38921ac4c51f91f9c2805b4d307d12

SHA512
03d2b50418aaec6f08375d8886187b5613047aaaed05f8982b182a58371e0d3809ff2c97102b6b3c5ea9942db591ba803e95c2b36876e835055c36bf792ac4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe608ef6.TMP

Filesize
703B

MD5
0e5c9055a9dd1f536af4299fa28949c5

SHA1
ce167219351726d2861ff5bacb3340ec6bc7191d

SHA256
24eb8f25bfaf2e1281012e52d52b0e2b472f1980a6d9d76a63f04751927e47e4

SHA512
b26837aa32e0e00deed4e6f66f3f63232653e437d500a594bac7680c7ab853818f995654d4dbffe0d7c95893113cbad7ec720539e21842948daec6d51175d7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b6e0dcca361f951b76a2e5c4aa80a02d

SHA1
b619ba3b6cdab86af0ccb6ce0693a10fa8d2e2f3

SHA256
9fd448b745520bcbbd5b02061e7ba18e14ca141c0c1664e4fe09f669b5268795

SHA512
fba57de4d43b764e4b0e9fb9103c1f4179b9adb3cc1d425e008f3f2b51fdb13fa54a64c789f0c2739afc38818da6fd8f0b9537b75f4ac5a77534cce2ab004427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84e2b1b20c7d48836adecdedd7cf0801

SHA1
153f69e6aec9d517f886ace2cb7f8d73dfea85c1

SHA256
058a6e7b01c132e96c40bb6a7506c0b106cd5e1631c80eaced196d09c339d406

SHA512
d6b463ed279cf400afd19dbd78cf16e9e6f6543b80bd021cd131f89dac4a38e2b0236a291c982a54efae0544dc2ba0c95fc36a0ee3bd6ffb08256f4e0f173192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dfa6dda00f8ac307e6e5f58adbf86278

SHA1
6b3af4b53e86d1bc51efe17e8f8741997ad97500

SHA256
af30819875f66badab1ffe9b7473e690df7406473e670f382b0fc5a1afb6918d

SHA512
9b8be378e6357dc990a6ff7851545fe76cac47f2a67c3faf536712ce6f8a1a3e73e38d7842681a0ef80394df886ecd42b5f5369639c44f5a509e3391a2453c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9db71929ce16d5bc03d17e4c68c5e3a

SHA1
3ff8828fa00b9b2f823d3647a962f91e8ab1ddd1

SHA256
99fde94575139cdf17405bf521908dd0ed82f4a50cd871498443c6395c1a6f02

SHA512
bc275920c0ac39b0f711f7e1fda242d3ceccb66581e2fd23937d37ae69d3b6646672f3967d7a23b953c1e42980e6fc5c433c1f37821087510a0ce5946fe893ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
be65439ae6cfb5fe631d9cda5b0231e0

SHA1
cebbb4b93596f723d2de41c3fce4df5e92708650

SHA256
13bf7d05d051a8b40ff2cec4932419d14079efdd45bb7934296413cfa9239ab0

SHA512
3a5ebdec247134717b90cd853e04a2708fc5c4b2c9f1da0b9c2a646176e459314fd10b8243633588b10be76d67767b4b69c60dfa74e10f23d0dfbc38ac37fb46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06d50f15cfbb49b26c43e5aa57f2e3c3

SHA1
e50c3db171a67f4db0246d4347d1ae4e82f12181

SHA256
44c82a86cef499aa274e71bd2f759dd1a533571db9994061f572c21a1724b1c7

SHA512
4f8e56c5b9fb229f0798306dfecc83a49d143e0a6d938a0ef7d8a71dcd27c0b7b4ae0c17b027c9e6d83625fd83e21491df133a7d8608b86788497807ac4fe805

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
2970b69dcb81e2dae5f453d5978f5997

SHA1
b2ff999c8e4375b05bb77a7f61cd56cd4e57c6ba

SHA256
b02ee3534837ed320eaee4abb458139a240277c74430b9b5c470f0096bf84bc1

SHA512
1b7684335ade79ba6b2874d4abc385fa84dc85b16b642fe68ab65f11e63b71d368cd878f856a26728a0d1fb93508db001ab8dd246a3188988fda3044c904d8ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\VCRUNTIME140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_ctypes.pyd

Filesize
120KB

MD5
df6be515e183a0e4dbe9cdda17836664

SHA1
a5e8796189631c1aaca6b1c40bc5a23eb20b85db

SHA256
af598ae52ddc6869f24d36a483b77988385a5bbbf4618b2e2630d89d10a107ee

SHA512
b3f23530de7386cc4dcf6ad39141240e56d36322e3d4041e40d69d80dd529d1f8ef5f65b55cdca9641e378603b5252acfe5d50f39f0c6032fd4c307f73ef9253

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\base_library.zip

Filesize
1.4MB

MD5
9dc12ea9f7821873da74c772abb280f0

SHA1
3f271c9f54bc7740b95eaa20debbd156ebd50760

SHA256
c5ec59385bfac2a0ac38abf1377360cd1fddd05c31f8a8b4e44252e0e63acb10

SHA512
a3175c170bbb28c199ab74ad3116e71f03f124d448bf0e9dd4afcacdc08a7a52284cf858cfd7e72d35bd1e68c6ba0c2a1a0025199aeb671777977ea53e1f2535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\libffi-8.dll

Filesize
37KB

MD5
d86a9d75380fab7640bb950aeb05e50e

SHA1
1c61aaf9022cd1f09a959f7b2a65fb1372d187d7

SHA256
68fba9dd89bfad35f8fd657b9af22a8aebda31bffda35058a7f5ae376136e89b

SHA512
18437e64061221be411a1587f634b4b8efa60e661dbc35fd96a6d0e7eff812752de0ada755c01f286efefc47fb5f2daf07953b4cfc4119121b6bee7756c88d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\python3.dll

Filesize
64KB

MD5
7feb3da304a2fead0bb07d06c6c6a151

SHA1
ee4122563d9309926ba32be201895d4905d686ce

SHA256
ddd2c77222e2c693ef73d142422d6bf37d6a37deead17e70741b0ac5c9fe095b

SHA512
325568bcf1835dd3f454a74012f5d7c6877496068ad0c2421bf65e0640910ae43b06e920f4d0024277eee1683f0ce27959843526d0070683da0c02f1eac0e7d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\python311.dll

Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\select.pyd

Filesize
28KB

MD5
116335ebc419dd5224dd9a4f2a765467

SHA1
482ef3d79bfd6b6b737f8d546cd9f1812bd1663d

SHA256
813eede996fc08e1c9a6d45aaa4cbae1e82e781d69885680a358b4d818cfc0d4

SHA512
41dc7facab0757ed1e286ae8e41122e09738733ad110c2918f5e2120dfb0dbff0daefcad2bffd1715b15b44c861b1dd7fb0d514983db50ddc758f47c1b9b3bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11002\unicodedata.pyd

Filesize
1.1MB

MD5
cdb5f373d24adceb4dc4fa1677757f0c

SHA1
af6b381eed65d244c57129346008ec8532ba336b

SHA256
175c4cb528f1ac4e285c575cc3f5e85ec4b3ae88860210b5d795b580c7f0b5d9

SHA512
429a326648c761bf068ca7735094644f532d631cf9355c9f1a5743a5791837a36cd6aa2efe2265c7541feb06310d0c07b634dd04438d8eddbdf1c4147938a868

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yii42h1s.ylf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8c76dafc12ab7636fdd3d06ef42ca78f

SHA1
0e898cab016a3d9367e9cc744e557540ffa94981

SHA256
fe81f0ccac8e64a6a0f78d850de78409dbdf3579ecaed2a579ef02bb7bae7a25

SHA512
8474f21ea020e8beae68c6bdbe428872d21dfbcb515a398d2a38999eea71378d675997bc41f98aa4364a32c014e6eec24b48cc8df5e4390bb5d1511cf07e9a85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
21ad0cb5b841858f6cf0c8a1b36443fa

SHA1
9e0f3069e0e0ba8eb3b35dbc85e05b04df124f02

SHA256
1725ee9ea7c6d00b1a88e604c481cd9d756289f99dd63212065e3fe4046c42a2

SHA512
a2a25b10b2f3307fc69d5c752e46bd04e76eaeca7910c157d0861c75b74f45ede22134005a712fefc9afebcea0a2f4868ea7971a1d9136df8a51824259a71acf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\AlternateServices.bin

Filesize
6KB

MD5
344ed633f5d8f71c171709c3deb663dc

SHA1
349438b6b841edb7575c9337be81d6d274c64985

SHA256
da9b561d58fb23486e6cb9e20eaf35c791897fff61d6c91a7ab0b7b7e4622340

SHA512
d7d05d3e6dc4d57a213b33cc74bca2513118f30ca0b192e0e785e35daf6227a98a072db5287e23b06608cd2a80b8b86193d2995fb68b41f4353e9c6b4aa337e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\AlternateServices.bin

Filesize
8KB

MD5
d2ff4412dae6ff297b98b078428e635c

SHA1
69043bcdded9231b350cc85e689ca660a4fb405a

SHA256
2865acfcfa4dac96a14555f1ba0a9943901a158091f9b5f17d342c05d2f4de6e

SHA512
c323e34b241e44f6f7757a0eaf21c096bf0b3af33081eb1fe981a55e3321b17dd89f59d301111776cf2bfed0cf051287c258154de446cc2568d437731eca8ce6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f843e458c48b2d5bf04d05641ff02ddd

SHA1
02315af5719259f4cf46f0dff0aba39c702d7283

SHA256
8682a70ac0b32d034ff6122c91e1c654b721eabb17fafe9b84a3db04e3e766ac

SHA512
8dd1dc2aa350645243f39e7f688564482400069fca76fcaa281cfd7d79714eb5e2aa114743d2ca67e7ddf645a0e5f3be11176a59fef9b4c76b883f626c5a15e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
55e99b951f207f89677f89bb0bd81e55

SHA1
f91355759e7985074238cf0c1cc20b56bf3a4d12

SHA256
c38477a4b08d9fcc9845be4ed2460854c4775502935925bdbfa618f5dbb76bcf

SHA512
8725988bbdfdd01079b5b3c92f7a84d329b6a92af389c4f1e0645a6b8557fba185400413c8053d563c73e417d4fd92c1fc71a1c68ce8cbcbfe7349530ef89ae8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
6534d9bbd71346da459e614f2eaa6296

SHA1
d05fa8ed415d44e15b7231bea03d404b3e2c97f8

SHA256
9fe8295a18179fcf2784c9800d40079c1407b69a99f6d9917612e402c3590ed6

SHA512
4ee3f09d6275e02eca748efb6cf4ca8575a81bb0ac313435b3d0d6015c575c28020b74bf251e2fe66f328f9fcae4d719ad84fa03c04599b77577bb5e311bf3f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
82d1b571ca735595358d326849c1d33a

SHA1
8e39751c1e9c7168a1954c96a0eca01859693458

SHA256
37be8775fc582d3dabfe132f6e30b69a9d7744101f5e56397a22b48475d013d6

SHA512
1fdd4a566fba3ce93328d016c75fdd136985d01a3a7b81e33cee5038b671626eb3c946361d898498c3fa32b844b40a6560daad267ce3f491f77ea67a17628788

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2c8acfa343f5d72c0cf5b03570f4501e

SHA1
a2ea4c7e524d60bfe2c386682bcfa3f82a0f2110

SHA256
5aef377ea7990927c85cb5a6433bc9e478a324ec67e90cd44fd2b4ca19988b63

SHA512
a6b105fc11f42766a1538ee22232d756a31ae9623750d320295bd65ad187c386617dac7f8eb377a9f9a2aaecc27dcb5fc554f201e6fa8c06711f76cc75977a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\35648154-5fed-46ae-8d58-66b07e15e9bb

Filesize
982B

MD5
d70d9782a38f245e97babe6af447758a

SHA1
698903ec8ef690d576c40a061ad73cce2a253f13

SHA256
7ab53b5d2c2f6f0fcab284c76991d6b9558e40a6f0447d7d271e5a49995ec607

SHA512
ca9bbff26621ed22aa73cd00513f5ab8a6643a2522e91966e67249d653f421a63cd417a4557a840e70e1f956de636ea54c8e15c35748b3f5504fa8210ca9af18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\68ec906e-9753-493c-b09d-86707a9f0409

Filesize
671B

MD5
968e4de90a5ff8f844df436274177754

SHA1
d32247be46c652b2ae86603e19d03249aeaaaaf9

SHA256
a652ed61ca3fc016c6022347fb04a90658a8074dd746da9ef1999317783ddc0a

SHA512
1aa3738bc324e056e5e6d3f5b088cb8b6619e2daa1705cd356d7a4972630d7590dd04ea1e22a457aff2826e485b5e51063ba6ad6460504bcd866f9c941054a3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\969911a7-ef08-4b8c-84fc-28a83226f90c

Filesize
26KB

MD5
05e59adbe88176441edca88bd54d4626

SHA1
a67d9badea181634be531fcf631813562410475a

SHA256
5e32340fb72d71601faf869c605510116819a297f21f6463cb254da385a3af34

SHA512
42c38662775bdf9c34d7ab521dd3b1110b66808baff86979977d2e5ff96cc354c7918200b5ef5442c5860284076fcdf904b1727cabeeeecc099963a398fffe64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\fd76c98c-6305-4e4f-b532-f7cfc75fd20a

Filesize
13KB

MD5
bfa8996a90cc2930d437d9225add1b77

SHA1
e83a7a170991821556ee313793bfaf5b69bd9112

SHA256
be0745629f03e45951be32a5b40d01df53f6e23d505e0516f2c672d1413bde14

SHA512
802991feb77af7dc5a369fbef2033bab4087629f243a77408d725e11116ac5224980cdef01857edab432591b35834c0ba869742aadadd6d30058b06cf4d8d8f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs-1.js

Filesize
11KB

MD5
23158835cc5eda8229e3f748e859d430

SHA1
bcf512e0e997ac2662119120f2c743f99ec37c6b

SHA256
0ea4e394e800c84869bc84ddfd29026e12775515cd326e82b69394037126b377

SHA512
2d76703990a2ec416699f286c80ddc2b589459f9d4decca011b8050cd51de72c972863e2167e28a1f392c550352488b25160c1715b7e5e0c6096037586bb6bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js

Filesize
11KB

MD5
56967ec71be15a03f2df7b6daf3fe016

SHA1
ddde26b99eeb749b76f8286f4bb2829d6c217ada

SHA256
0a31ee6226627406074e1461011252792a76fec39749a354d450bc52dde3d364

SHA512
6835e0bd3a36af0d135618f6a4b723b035e95fda08fd127556f10a285fc0f147cc292a96a31d5c7418457d56724cbedfdf241150d0e5147a008167c08f0e4da8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js

Filesize
11KB

MD5
56d688c878cf74e1fcf9addbc2b9e994

SHA1
f4f32878408d11a7ebb3c63be87ba44c17d82ef4

SHA256
a8d46b434aa01c38c851ae09b45b4b999746932db974a86875741f3e143c2519

SHA512
4d0fb4586f3df0ded7a62fa72a15e88c2dbbf533da46e64bdd116807fe0393c4e9a5cfc080469f98b42c329f47c5c18c22decf2c48a0e574b877d084aa8b1a78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js

Filesize
10KB

MD5
da6897a1fcdbeb9e8a0310db0da78665

SHA1
5654bcd9edcd38ac5f7884085f26956f3444f3b2

SHA256
9294ea73538de5f060bfaf0335b9e953f1c02b5310b8ed206c71eb9519ad2e3f

SHA512
9e6f9bd38cc359b25a043aad932dd31f7702223eae70f2382c5068e05ee5794a0b51372bd5a1ce0f7f6675a687d92236be40df782caff4489b8a1843f8e5b133

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
2513e980c8192899017ac351977630e7

SHA1
a2c8f3cf17aa877d1d8eb15e17532a42708aafef

SHA256
7c18a578c05601a36efb14b79149ec36d778112d5286d29dab4612a424e7b821

SHA512
618d03b2d5f74381dc190fe81fe3a06383ddb8e123ad0270e77aa090231efd6c81a01f51335b7b6f4d6ed3200f6da041bf25e03552b27fa02c275a148c47131b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
74bbc232e49f97c1b9f62e6de83d3306

SHA1
e3421ea89b5cadd499b89567513662f1e7643cff

SHA256
c934845f30658c608b976f34705d80550e3f2716eee6bdfd5de8d382a316ca31

SHA512
a8c50993730bf5e0a2cbcf888361dbc3067bf025e80f9a80260c41cff22da3b29807b8d50e1473279b666ca93a48139be764f57bac245705aaa853154ad9f507

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
e2349974f1ee49089fbffb3ee2893376

SHA1
6cdcb59378a38964ea9bcac04d12ce2bdd2bf371

SHA256
4744fa7e2befa10213fd2d4ef9a44cc85eefe9fec1810cda960d094ad1300029

SHA512
ebfbf77805c2ede79691271207c2ec18c5289c44f94f6bc317c8f050ca6d801d5e0eaa24e0af86706e92a67d1c60eb20761ecc19d9d5c345eb7520c7cd8a0965

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
da0d1651a1f9138dd4a354b245c283ee

SHA1
657faaa79cef63ec80cea1db9b9a45987a1694a4

SHA256
23dcdc9163f867d248f92b41723fd02d232eca24fe8c99252b1b383c3ad24691

SHA512
bda22be7d300d97bdc4a588b24c061955d8b9edd7d45d96f68d13c0717348e9206bbe7506bf344360a88ac4963657c67a1223b90d4c5acfcf54398ae86637ceb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
568KB

MD5
1ec2670800a68692d36052e2ecb6b839

SHA1
0fb95bc980a05ccf48ccca9ed3ce039b0a03aba2

SHA256
889b3b8a330d298ed137a8c3f9d54472d18e36264f58f62b6623c828a5390bd2

SHA512
cf118afb2608719ce723d02aae274665a7ecaba908b2c54271d5911546db5b3824d9f03a0112f00d37fbc0c42645df51dce814b3a133c489cdf0c0e38c04d09c

Download Submit
C:\Users\Admin\Downloads\DiscordFix.7J9PEhzc.rar.part

Filesize
23.5MB

MD5
086c6f0c8abe42e78bd137ff543bb98a

SHA1
136bf868b9912f9e7640bdab4f98b80b6c9cede5

SHA256
ca0a620aa36a8505d9a747670465977c93a46466068becd9fda08b7c9cd92d70

SHA512
76d6c01e46dba50db4ee1be637bf8cd695883b2d25e6614736ba75ef7eaaa91382017083808f41c751a4c5344a96f61ee29e9ab66077e20e5de0d5f5a8922caf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 725075.crdownload

Filesize
23.5MB

MD5
944c4b9e12ac9eb01c0087bb6380556e

SHA1
fe7c975fe9388e055ffff512f80a91db2050f089

SHA256
d79ce6b0dd9364067e6dbc1149da59b0b94e2effe884910469404e4a3a6e0a7c

SHA512
b682ce0c1c7abd848af14a9f33cce6d295738c1ae7e54e1bbeed6ed153ccde6fcc1cd85d079eecccb9fc52d25c8b767bcdaa5cd49c3d06e493a218b1c66fbf6e

Download Submit
C:\Users\Admin\Downloads\winrar-x64-710b2.exe

Filesize
3.6MB

MD5
3c9512d7311c9e872648ae9e3d2dbf11

SHA1
fb936c0d067106bc49f4dfae0ae884e7e783fd72

SHA256
e279e8e4c1239a734af40eddac745eebca791c0bfa68e67021a472b43fdfb32a

SHA512
acec6ae26528aafa90a4b4abbdca6f21bee23c0bf0b993fa562e40aa7870f24a0dd3cd162eab5ea92fb0faaf636309a4b9e11f5ce633950162ba76f853ca7aa4

Download Submit
memory/400-0-0x00007FFA0F563000-0x00007FFA0F565000-memory.dmp

Filesize
8KB

Download
memory/400-2-0x00007FFA0F560000-0x00007FFA10022000-memory.dmp

Filesize
10.8MB

Download
memory/400-5-0x00007FFA0F560000-0x00007FFA10022000-memory.dmp

Filesize
10.8MB

Download
memory/400-1-0x0000000000C50000-0x0000000000D8C000-memory.dmp

Filesize
1.2MB

Download
memory/400-4-0x00007FFA0F563000-0x00007FFA0F565000-memory.dmp

Filesize
8KB

Download
memory/400-3-0x00007FFA0F560000-0x00007FFA10022000-memory.dmp

Filesize
10.8MB

Download
memory/1100-2095-0x00007FF6F93A0000-0x00007FF6F93DE000-memory.dmp

Filesize
248KB

Download
memory/3300-2085-0x0000029A0DC60000-0x0000029A0DC61000-memory.dmp

Filesize
4KB

Download
memory/3300-2086-0x0000029A0DC70000-0x0000029A0DC72000-memory.dmp

Filesize
8KB

Download
memory/3300-2089-0x00007FF6F93A0000-0x00007FF6F93DE000-memory.dmp

Filesize
248KB

Download
memory/3300-2090-0x00000000655C0000-0x0000000065669000-memory.dmp

Filesize
676KB

Download
memory/3528-2032-0x000001D6AB010000-0x000001D6AB032000-memory.dmp

Filesize
136KB

Download
memory/6696-2096-0x00007FFA08EA0000-0x00007FFA091B2000-memory.dmp

Filesize
3.1MB

Download
memory/6696-2097-0x0000000100400000-0x000000010044B000-memory.dmp

Filesize
300KB

Download
memory/6696-2099-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download
memory/6696-2098-0x0000000100400000-0x000000010044B000-memory.dmp

Filesize
300KB

Download
memory/6696-2101-0x00007FFA08EA0000-0x00007FFA091B2000-memory.dmp

Filesize
3.1MB

Download