vidar | hxxps://gist[.]github[.]com/quisilisbuns51/bdf744ac7e9e0bcb56ae7ecad03f4ac3

Analysis

max time kernel
899s
max time network
901s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-12-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gist.github.com/quisilisbuns51/bdf744ac7e9e0bcb56ae7ecad03f4ac3

Score

10^/10

vidar credential_access defense_evasion discovery spyware stealer

Malware Config

Signatures

Detect Vidar Stealer 4 IoCs

stealer

resource	yara_rule
behavioral3/memory/2912-4120-0x0000000000400000-0x0000000000639000-memory.dmp	family_vidar_v7
behavioral3/memory/2912-4122-0x0000000000400000-0x0000000000639000-memory.dmp	family_vidar_v7
behavioral3/memory/2912-4129-0x0000000000400000-0x0000000000639000-memory.dmp	family_vidar_v7
behavioral3/memory/2912-4130-0x0000000000400000-0x0000000000639000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
6072	winrar-x64-701.exe
1824	Unlock_App_v1.4.exe
2912	Unlock_App_v1.4.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
33	camo.githubusercontent.com
34	camo.githubusercontent.com
35	camo.githubusercontent.com
36	camo.githubusercontent.com
37	camo.githubusercontent.com
2	camo.githubusercontent.com
3	camo.githubusercontent.com
6	camo.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1824 set thread context of 2912	1824	Unlock_App_v1.4.exe	129

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlock_App_v1.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlock_App_v1.4.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Unlock_App_v1.4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Unlock_App_v1.4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
5876	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\link.txt:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Unlock_App_v1.4.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
1004	NOTEPAD.EXE
1560	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
4452	identity_helper.exe
4452	identity_helper.exe
5220	msedge.exe
5220	msedge.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
2912	Unlock_App_v1.4.exe
2912	Unlock_App_v1.4.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6004	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeRestorePrivilege	5184	7zG.exe
Token: 35	5184	7zG.exe
Token: SeSecurityPrivilege	5184	7zG.exe
Token: SeSecurityPrivilege	5184	7zG.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeRestorePrivilege	1572	7zG.exe
Token: 35	1572	7zG.exe
Token: SeSecurityPrivilege	1572	7zG.exe
Token: SeSecurityPrivilege	1572	7zG.exe
Token: SeRestorePrivilege	4120	7zG.exe
Token: 35	4120	7zG.exe
Token: SeSecurityPrivilege	4120	7zG.exe
Token: SeSecurityPrivilege	4120	7zG.exe
Token: SeDebugPrivilege	2108	firefox.exe
Token: SeDebugPrivilege	2108	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
5184	7zG.exe
1572	7zG.exe
4120	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
2108	firefox.exe
6072	winrar-x64-701.exe
6072	winrar-x64-701.exe
6072	winrar-x64-701.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe
6004	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 4956 wrote to memory of 2108	4956	firefox.exe	77
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 3452	2108	firefox.exe	78
PID 2108 wrote to memory of 1284	2108	firefox.exe	79
PID 2108 wrote to memory of 1284	2108	firefox.exe	79
PID 2108 wrote to memory of 1284	2108	firefox.exe	79
PID 2108 wrote to memory of 1284	2108	firefox.exe	79
PID 2108 wrote to memory of 1284	2108	firefox.exe	79
PID 2108 wrote to memory of 1284	2108	firefox.exe	79
PID 2108 wrote to memory of 1284	2108	firefox.exe	79
PID 2108 wrote to memory of 1284	2108	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://gist.github.com/quisilisbuns51/bdf744ac7e9e0bcb56ae7ecad03f4ac3"
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://gist.github.com/quisilisbuns51/bdf744ac7e9e0bcb56ae7ecad03f4ac3
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1888 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1104010-21e9-4c17-afbd-7b05844d47cc} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" gpu
    3⤵
    PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d13d0975-7b05-443b-8738-388b1fe3877c} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" socket
    3⤵
    PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3292 -childID 1 -isForBrowser -prefsHandle 3284 -prefMapHandle 3280 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31587a09-39a9-44a4-a3de-1db3c758f6e9} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 2 -isForBrowser -prefsHandle 3764 -prefMapHandle 3084 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7681a08-5bc1-4de4-9719-3478fc90ca5b} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    3⤵
    PID:1544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4852 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4804 -prefMapHandle 4796 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce6fd8e4-3b5f-4366-997a-0f1aaefe2671} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" utility
    3⤵
    - Checks processor information in registry
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 3 -isForBrowser -prefsHandle 5348 -prefMapHandle 5160 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a41afa2-46e4-41fa-9a68-81eb68ef05ea} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    3⤵
    PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 4 -isForBrowser -prefsHandle 5852 -prefMapHandle 2744 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dae0dd9-a1ad-485b-922e-627b99641b9e} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    3⤵
    PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5956 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f52c9224-9b30-4d5b-b4c2-2103210b8cfa} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6808 -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 1468 -prefsLen 34300 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fd35ce2-af14-4c68-af0d-7616051adbfa} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    3⤵
    PID:2804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 7 -isForBrowser -prefsHandle 6748 -prefMapHandle 2984 -prefsLen 31276 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6678a56-ef8f-41f0-885a-5977cfc4aadc} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    3⤵
    PID:5700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1164

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\link.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9cf6e3cb8,0x7ff9cf6e3cc8,0x7ff9cf6e3cd8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,7786944521036170665,13261899566133787170,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6072

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\935517bfea3f4ce8a4d2e1d15dbd3dd2 /t 6076 /p 6072
1⤵
PID:5892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6004

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_App_v1.4\" -ad -an -ai#7zMap16716:92:7zEvent8363
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5184

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_App_v1.4\" -an -ai#7zMap15147:124:7zEvent17841
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1572

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\" -ad -an -ai#7zMap30075:124:7zEvent27598
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4120

C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Unlock_App_v1.4.exe
"C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Unlock_App_v1.4.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1824
- C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Unlock_App_v1.4.exe
  "C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Unlock_App_v1.4.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Unlock_App_v1.4.exe" & rd /s /q "C:\ProgramData\YU3ECBI5FCBA" & exit
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6028
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 10
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:5876

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5bf231cda57e25305e09b21abdbc76b6

SHA1
1d11b3a5f0c69d93b02255b9e32d594029773e74

SHA256
98635018104014650452505ae4378d0acdc5d4b640ef91803821e6301f8571b3

SHA512
b72f7f628e2f436de1748cd5ba334ebb01018ed5c55d1c50dcf093c8e27a0a0b1aab52c3187261148e19d244f380482456419c2e3cc5bc665324b7805c598e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
544B

MD5
c1b3b54b9e2423e9ad3abe10ae2687b1

SHA1
72fc03d83fadd6784e72bd9503600d7d78039e73

SHA256
2b796764275672b7998482f60565068acc4995072dcbe8e9a015de6b8a70b58f

SHA512
6ef37ad12a46627eaace5a4f4544c75e094c42b3e36435d19f054dba40fbe899028d7c128b2618bf98080e9b5b91fc875c0aa65404b424e4d6967c3d15b55076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13da7395de3d0ff8ca0d154d234ca279

SHA1
0e54d352e07f8af8640eb352066a7c6b970b1e00

SHA256
8cfdb715ccccb122e7b991a62d770d3b3c186725f5c3ddb32b276289f375f8f4

SHA512
5137c0d0ea23c00265d11629257b330d132a891d8440a6bd751479c72cc61c778fb6e4eebfe751e1e81184585bcd8c2030caadc76d01a2469e8999a45ae5b986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ad3bd4b86cc747193460a97c5aaf936f

SHA1
eacf318f20eb66703ab9cfbf2985a558a0a52817

SHA256
b22b518026713b55e7607be77037815ef271a7a9e2cc170d046345c8b382d8af

SHA512
f00a01c1df663302bb755ef8009733d6868f9db0620d34f0690fca216793de014da9d05de8b71d9c3b06d7bbe8e891258250a55409d4b9e0d50eb99d1d049548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8aecc1dd4d739ab1f3da3c4b2260c70

SHA1
9033e40d8e6bfa17eca35d3ec6d844fedbacd67f

SHA256
92435947f7c69fb4738f1a319b0c65027723c0cfd7cd3a168d8ac63491561248

SHA512
01be1ca41243de47571bfd890a12021589b516c7a05561d4edfd0813d70f1c9824ed460a4dcb033d3290842b308a56d3e05fa5f62c45e124ccfb67dcb4b241f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1a321123b87327c651e2789e548e0b2

SHA1
08d44c6b680c27dfc22a028d217403e8134ca3a8

SHA256
d08a1edd8eb1b0df5b2d74d8b081febb52abaca40a1eb2ea3baed5276b8f6984

SHA512
6f3fd6dac3b1b21f511af1a7c87ca4d4008c42a34d8d40a0cee13e973b9bbcd29fe2358412b37564dac297dc984c6656f388311bf610e61b3edd4404882f3360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc6d6682fb789bf4cf4fb333d5f2c6a4

SHA1
8464618b53de03d81dc7df0dd46b5cd7fef401cc

SHA256
1387df9aae15cf8c183d75abab67f65e6b63b9819b406492ac17d3afcda3597e

SHA512
846fddf92f4b0600a3ac0136e8eb5291aab9813e782a61536b5620f83f71fff6310d1d5ff9398cf1bc3d2403f529fcbd819dd03361323c19e1abe84681523127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2bd8e8a3eaa284fe8110e8a0695e97b

SHA1
896ee847835c1a165eeec671cd6d3aa51f7673d8

SHA256
08669e945f300f47d726fc672097bdf5450c893dbd2b3760ce439e247fb05b07

SHA512
e45dfb05d0b7397096e96cb2e5682e733943dddd106afbd977a7a65241c128d38c802e1c9ceacb0eee0e1c8fd6f22295968bc7c144a0d6d0418f6b72f32f30fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
ff62113a619eb656a8a6f79ad1290be3

SHA1
0eabf495f15b44fb6f11a1d66ace2e0e4aa41adc

SHA256
30038560181eac984e158f4a9144954f22d914a5c88db4f50668811c5c222ac5

SHA512
8d541d8d783e8d7649a2836941bcbc8e3689f7b7f42feb2c9fd9d798b940bce8f974b322c46b82333e955a5b9116e8f7d61e3a087b0f453c0858a8beb71857b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
9e90e17496c8c1fc44600792fe88aabd

SHA1
e039c5424ac9530ca718fceb834bd19ce560953b

SHA256
181042694db5ee09a15535d92285af6417869100ca197412c6d90ab7bdb730ef

SHA512
0ef017a30a3cfc59acc724ecc97f9d42b090dfa6c7bfc2e1245cec036567d0ec74721a21a64b00285a0fe7587db7a8b49fec41229262228632ed40609a74d7be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
0d19e2f8d9295f200ffcef8fcb6e896e

SHA1
bea32892d55250b9482bbf3e1dc972ee033404a3

SHA256
2bf7fe14c7d3ed7067737c06c3df2d05fa683a11ebb17a46323d15ff857b5684

SHA512
c0d48f1bf812aaae1ad40f45d0745ba8d753c26f412eb81d43be4088a5d55dd8e8ffe26d668097a04421f33cefd74f6b5a5292ce770430127320db97b78293a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
eb70fe64df0c9261d737ca51a36c7231

SHA1
b7f09484da81080adede2c40d19294f7e3cb9b4e

SHA256
ff463327058a0ff8e3511112fd8491b1eb6c25b2d6966ec5837a58499da2cac3

SHA512
c653fced860c5c3e18f751463baaad171bf48c63048fcfe79906c80916fb717d66023c2616f8eea8c509d3eac12077371dc3efcefef26eb5ae7bc1c553630a0c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\POYN4UQQS5K6LJVBB1KI.temp

Filesize
9KB

MD5
41fc5e7ff429a31f7f5ee6dde5139273

SHA1
47bec6110f38a604a79de86ecec3d4a262c008d8

SHA256
d3094b7abfb0163f3da0dd593f016f128989e1a901c47cac7c9707e8ef6b1789

SHA512
8011fbfd4154020ec12cffde716724a1420e2382be0159d39465e0ba0690e705d03ccc91c8811f0cfa946cf87cedf89172aecceadb16a15192f9d7b98c8ddc64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin

Filesize
6KB

MD5
6f529134842758967475ee75c13cc77d

SHA1
3ff332bd18c94eb81be0b5fe654f1a116e2fbcec

SHA256
c96dd3157f7bbe8738f9958080d68a10863aa357cc32237cd4c940b11fece86b

SHA512
aa418c40de03e8aa392318404fa7ee468ab3447ac898179b7a787937e1e8a36fe9003a9b82cd06cfc9c5467af1ccdf265cccf2d24ca79a5a88db72235ea3890d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin

Filesize
10KB

MD5
3287d12d59488f3c00b7fb9b350f8e39

SHA1
3bd3d3d394e3678bb596aa34ef035002f29eb526

SHA256
7ca626f039abd65ebb3852e88c57278cb1d2f3957020f49874180417dcd414aa

SHA512
ba53ef93192e3e792af8c76b02069f0d4a9d4d92185ceee2aed48de7e1b4a669ec23796eddd945bbe749ade6457f6beec1542d22a9b88b5637529a192ff967da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin

Filesize
8KB

MD5
957c55b1b2094d18a9cd176c6ec4ec42

SHA1
ca331fc208cde14bdae41c420068db9ca0d453f5

SHA256
ce9c19a10970fb3b7fc365758b252821f97d1f4fe804a8fb4754f108e896bcfe

SHA512
82ad55ac60638f207b318ef466cef72347e4af5c0f93f8bab70dcb30862c6dd9279dac1f997399f576f3917dd340d71fde8bd6dd47ee8ca8bd069c1b0268e01d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
29528d5570c929496a644df3ca284176

SHA1
95c7c53bee0f1fcfdaf564f5c34245c8255d3847

SHA256
898624b87e869bb3b039de3a14286f6a182e57e5e38ec5938cdbc273aedd6940

SHA512
c51f06ba3fde061f59b46a021daf028ee6b2d8e66ebb08dcadc57521aeb54f764240787ec3ad02305f84ad2508877a19f64e45c2e07bcc696c9695d3691f9919

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
295ed0789c734df87ca04c96862f610c

SHA1
0b3cdf599c2f384671a393c4a231472736cb19dc

SHA256
f58fcee14174320a0dde03d96d7deee7924d0397e5fa818ec1fdfc891c6d10c9

SHA512
2a1164013fa8ecb8c479599eaca938490b1f704b809a0e5c79aa936e068793052f3610245569597cae70bca02ca3926396434b4c12ae6b7033f31c38b2a0efdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
71a649fec01839cb3985179cf60e4752

SHA1
f2f69fab6b32fb56a26095a73419846f839b960c

SHA256
38269fd4dc9f9ac0540e54dd116a3df38668d6586236333bed6e4667b9189348

SHA512
fe66d7316451a05878477c879cd9b7d0bcd99a71213d6fa7ca5b9273eef8b4d1afc7872e3a3836a26d9b0cf373286f1ed3a30806720039306abba26213b844e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
b8bb62df59cd3560d8fa5e9ca939a81a

SHA1
d2d4da6e7c19f0af7dddb3475b11be7c138a3c31

SHA256
2c40a12f18b26893338e727bb57c3c3ecc3950e5356edf96ba74aacbd4e90670

SHA512
bc804c208b88ce36a02cbaa0a3b224dc0d15a9004db8c238a555714c2b811dd2747ba89fd2ede0d2d8ad34819d7f491cf476d700f3e9501b44ac672b371aa668

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp

Filesize
35KB

MD5
7dfb5d3327faaf30da01a39584a48fbb

SHA1
f05abb764073d3a6ebbc097a2aa0914b111a2b97

SHA256
6202d52293172d788ff9c9669d6c1ceff2d2cc2d1b96728c30f82cd570c50dd2

SHA512
8fe01f852e364b2b974bbe50d4e057cb40579438b3a6cde2b5469f57481a57dde95208277df3b00971ac4cd505f76746369256885bbf9d97c52270d9df6e6df3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
744e1f56476acf67a41312be5c1609f2

SHA1
f61a21219a7d4ce79bfa3bdcb13755f36ebd425b

SHA256
0c8ac5d9550323a1b0e05f4d52024615ee7272bb8b75d15cff0721e7bf7b34c7

SHA512
507510f2f29389160ee6788debdcaeca692d4c6d4a87e1aef1eaedc2137bbc8ffd1c375fd5f881ac91989522489c8bfb115b531b77a62a86d3932485933012a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
aaea23d222a54185c5647412f8392c8e

SHA1
a0c61914ffad3b44c75f02ab2a6be0248dc2324f

SHA256
eb6339c0a40d58595d20f96f79bd8ceb5d90e989b78aa2e4c39a5ae30a71b0ed

SHA512
2b0aac3bd34816826d6eb391215a3aac6bcdccdc132f1260ddf87c5ac4d6568d65fd7c815366d5b65d0cc9304049b53a9c294019efc3e9b37dd7e471083bbf15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\23972e88-14ee-4021-a1f8-adccc63984f8

Filesize
25KB

MD5
f335d6d2f94d078896fbf772df91c536

SHA1
38227a2e13f5680f0eb808a704fa9f522eea3eb3

SHA256
2b61568ba1a674f7944f0a1ecfd88529d037e34b9f490ee68ebdd5979dd00cda

SHA512
f94a70b10bfbdf008b735d5a45c17c308928c3042ab8770bf7ab43ade37c4a71a4ce43585b7220c9541f1bd465b7c3a44ea22ae8e89454bee0b1a3325d395c8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\a31eb296-ace9-42ab-aa10-9c68575d77ff

Filesize
982B

MD5
23da4d08e816b329b766b0ba597df964

SHA1
393ce46915b412ae571f1a2fcc71cb295938f28c

SHA256
fc9f87159ee251a475407a1abd5d0adf0906508aba7f1c41bafa782cff130166

SHA512
f24617c42c24d6b62192e0d7a41baaebd5159d7a713ab76554d6e5702fd4c0a53912bac15c42707b48585b80bb745f3c29b3b2a4d8d2eff0614b5f12c16cb08a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\f8fa3a73-bf24-4de8-b545-37a8c60f5e02

Filesize
671B

MD5
3608594ee1d8fbae5fc1f37b7f79310c

SHA1
52d7a153914c2a401c63b498e8e690d387fa5848

SHA256
1c19139aa9b2bb318e5d8a83a342313797c7227d58bb8938ed2a589ca4059cf7

SHA512
b64b6cd8907a2e62d91501072cb5c70182b046b8a850f83fde56c1fa7a8076195a1d90aa9f5915b8791ff69029ac87fa977ffd3b49402736a16874a66e6f5605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js

Filesize
10KB

MD5
5768c9db1ddd33e847cddc684d447297

SHA1
c3e5467f6eea920007b9f017a87fe9e838af03f8

SHA256
a24eaf4894999ac1f24c57a7fddb0588f88b57dfb5d8fb33487cd99e7203d907

SHA512
124f7becd9e64194bec5aeb160105bfb4ebd3914849d4273d995e07fbe97896027f2d1a8d72b4c4a16f543398715f5e994369432458da4639c2a6f1944cdcfe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js

Filesize
16KB

MD5
9291753243ab2f55a558f26a292283d8

SHA1
6fd215ab5503fd1e025aadbb03bdb508132d1273

SHA256
284e375e763a8c208ab234ee8d733d14b921d8557966c037a93e57609fa43e61

SHA512
69713cb65563974eb17954d938d43586519ee37b47c4149602d3866ab8ce3305a798c555764044e6f85f75766759618bb13b3cc9eae872aaddec5280eaf99d11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js

Filesize
11KB

MD5
58cca6a2b92af1a5dc416b000120eabb

SHA1
e9067f770541553ba38edf5938e928ea0af48f50

SHA256
d6c4c50cb6f5084fec3881efbf5bcf0cb5352284257b523e68dd279496b298cd

SHA512
af83f96a214d279def8b51832cf8d5d9c14e721d797c12ab6e4a6ca65f1089bf42d31c5c254369a773845f3d882479eb89fa0e70d335260d75912fac9b1356c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js

Filesize
15KB

MD5
b0b202911bacc3e8e01b073b5d399d94

SHA1
6b97c4729e349fbcbc2cfd8febd86ccb2ee285a2

SHA256
4eff925bba93fa89138574e0ffea60821840adb4eeadaec5da423e821dbe858d

SHA512
0b315faebfcbaac3843603174d95da13e92d40bf66850ab08048c54287b60b1307acc71ff35ebdcd594b4f2b947bd50b4fbe6573488408c0f1076f37e8952804

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs.js

Filesize
10KB

MD5
eeba08205e37c96d0cd827c4c52fa1ee

SHA1
e613d220aa3ee59f244eeb3c3168712ce2d03ad2

SHA256
c6c7eb15ef41404fbd3db5ca99cbeb52da54cb6d0c8d05e4abbb31afe103693a

SHA512
796951952ad013868cbcc160e51e05888fb1c61a9a8781849733db058ac251a09eb892d163aedb3b8c897b19d56d4257ddaab0608493b4d5257f16d3e1e1e71a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
2cd814a4032d87e224b4187ab5a1e47f

SHA1
6e819710e35e3bfe7ae91fbdcffef15b1d46e300

SHA256
da41d06dfea25b4db8f076cf9334b75024cbd0509e020ed9645bba1627a19602

SHA512
33369ec75472c636b2b03fc85b9489b2f543837530d95d171e3eadb73648f4cd5ea1ff5d2395f148520b2c4c36706e60fbcb29750eb3f4b80a81942be7399a95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
75ca1d63c0c6c3deb23f84791ae42b03

SHA1
84a286f575e8ced32d411c1c9977a1a9191bef09

SHA256
11d15f8d2b298396debf3d87196719a218cb3f0a83538ea65dc70c4d62d928a8

SHA512
63ca68e847c0778e30158538f99bad0f30f42c7d451bb418469b4ea43e7854288556f6910fb81af50aba8631266ebe8a0dff1bc419aa06bf24adac6911d2754f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
abf23b337bb3fb890ce1cd1e53ad60cd

SHA1
3bfdf9564446c7069250a3bad8ee3c0579e28d1e

SHA256
f4d772cb4372867e3e7aaadc70a7aef95dd62ec086f81b4d32da483c36b97aaf

SHA512
1876f4e250666e5b1857c63333c7cc727cd7d2f2e9e00b09f415aba2b20486f6f6bcd1182b41dfe7f8ec01dc8dc5a53c8a3a028c8a17bfc12304eacf873fe98d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
740f4a48c8f6ebe9a1429ef00a77f8e6

SHA1
0e28cc6124a9e758efd7d2fc18815718b722773e

SHA256
2db7c6c2604637405f6875664191b70c99981cf27c3d16c204d3240f19eff912

SHA512
7636a00d4abbf5eff3b982df6d95db1ba15d276170fee4472a434dbd12d1a527ac39b2fd66b0e37a0b5ccb94cf5bc61beaa8fd212765228b5a951b64cdca9465

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
f049a40a18bab0154f10b7b95c06eded

SHA1
530cf32e1566829c5f6f45af6a19c444187043aa

SHA256
24d287f03ee308931b3555383fba98c462d75ca424a0abf224b0933f0de93377

SHA512
8a12acb5cd64dd67fd84ff223f6c3b8a8283eba133a1665ff09fd9df8120abb62a51a77c2eb37573a074662606bc802f7663a2b1febfe8c118c0cafc12c7c09d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c15e4cd179e456da1ca0092bcf089c55

SHA1
c702fe3858bfcbdf3de8b57166f45d1ff7a30ca7

SHA256
a4a9c84b5bccc5ba806ded74cc2571b8417f358b6c6c9ef9a7229b5a6cc87dea

SHA512
b83d1ed34ba6a080d3dae7d4cbd574bb2a8f3130071016f39db0735517b526819c34849ced417457220d9490e533bfcda0e0e6c63d8805e4b4740a68e10d8ff6

Download Submit
C:\Users\Admin\Downloads\0wlIdWOA.txt.part

Filesize
143B

MD5
510b3ce5ffc56c6b2201b1cd96f0e224

SHA1
f726989e326d3c0c735f36783f31f7cbcca560d1

SHA256
d8d652579039b4175a95ec1c01418284bd25c3ce1508a4bacb17ba633f2162cf

SHA512
db86b1dc354fba869a6360c764bc4fe113470ac21b7ab09a7d1ba95779a4e43ef6d7b578e9315122322915121f890f5d3b3e6381f3607ab58ebfb668216fd61f

Download Submit
C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4.rar

Filesize
48.5MB

MD5
21cd99c9f51957e18190888bb85f3f81

SHA1
a41811b63c5d76a8bcf6d845e7971aafcc64e861

SHA256
8faca650a58dc888e1572003077a4bfaf95a955619c9ebd6ebf901461d7c1878

SHA512
a0d28d4fe28bbbb10bdb889398af160bedf4aeb796358647ee5016b4e74773833f833316d39623dc8eae6832230257cabeea987ddd939659d68382ccc7ecbbf2

Download Submit
C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Readme.txt

Filesize
102B

MD5
90e9e812643f6c6dedcd874a77feb0b0

SHA1
1af3e739819f25943e2d6725f3c91310dd2ee025

SHA256
ba4b635d2804fbdf4f6b2e5d19461389b83ccb91510971f827bf0c8d06bc8aa4

SHA512
b71500b34f84d2fdbbdf79a9fdfcf9532378ea21503edddad1c9a7f072bb405635098dfbe718a1d5de0c148334ef874db3b1429be9328fb41a767ec5f0186cb5

Download Submit
C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\Unlock_App_v1.4.exe

Filesize
368KB

MD5
210db5e5a7134750116ac59759272548

SHA1
843f55b07a3431e2e7da1fb6c2d50dd274e7c63d

SHA256
e5394a5a176beb88c9b567a407df944218889ed97bc52ecd20c20a92231afb4c

SHA512
51c05e3f31224e74b9e46bac0bb378be08fdece22a41867f2e18babb40d9805b57284249430f17f78ece4a29bf21293810135d3b245d0508fba21f92dbd6c5ba

Download Submit
C:\Users\Admin\Downloads\Unlock_App_v1.4\Unlock_App_v1.4\locales\resources\Data\level4.resS

Filesize
128KB

MD5
64d183ad524dfcd10a7c816fbca3333d

SHA1
5a180d5c1f42a0deaf475b7390755b3c0ecc951c

SHA256
5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a

SHA512
3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e

Download Submit
C:\Users\Admin\Downloads\Unlock_App_v1.GNdHBFBJ.4.zip.part

Filesize
48.5MB

MD5
fbafc6ace60af2a1bc56d98d90d114bb

SHA1
754bf3f3654db1810aef40d34de0dad69c9ea4d4

SHA256
7a4d4a2b583416636a2fef65c73f86df94a56039e5c80dd18d96d4130cd07e0d

SHA512
ce0643de7721aa53ae65eb8d381dff25238e06ef2845e461e2a720db5cf85ae63224b64ea8d11c5b1181d02cd04ba24088a48199285477dded8b5af44126ff05

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.e0NqcIWW.exe.part

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/2912-4122-0x0000000000400000-0x0000000000639000-memory.dmp

Filesize
2.2MB

Download
memory/2912-4129-0x0000000000400000-0x0000000000639000-memory.dmp

Filesize
2.2MB

Download
memory/2912-4130-0x0000000000400000-0x0000000000639000-memory.dmp

Filesize
2.2MB

Download
memory/2912-4120-0x0000000000400000-0x0000000000639000-memory.dmp

Filesize
2.2MB

Download