hxxps://drive[.]google[.]com/drive/folders/1EOUcFDCFBT1j0-jnvWnHkHtFeGmEjMvx?usp=drive_link

Analysis

max time kernel
892s
max time network
894s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2024 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1EOUcFDCFBT1j0-jnvWnHkHtFeGmEjMvx?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
14	drive.google.com
139	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
2436	msedge.exe
2436	msedge.exe
1192	identity_helper.exe
1192	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
5732	msedge.exe
5732	msedge.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	5712	taskmgr.exe
Token: SeSystemProfilePrivilege	5712	taskmgr.exe
Token: SeCreateGlobalPrivilege	5712	taskmgr.exe
Token: 33	5712	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5712	taskmgr.exe
Token: SeBackupPrivilege	5896	vssvc.exe
Token: SeRestorePrivilege	5896	vssvc.exe
Token: SeAuditPrivilege	5896	vssvc.exe
Token: SeDebugPrivilege	3920	firefox.exe
Token: SeDebugPrivilege	3920	firefox.exe
Token: SeDebugPrivilege	3920	firefox.exe
Token: SeDebugPrivilege	3920	firefox.exe
Token: SeDebugPrivilege	3920	firefox.exe
Token: SeDebugPrivilege	3920	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe
5712	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3920	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 3204	2436	msedge.exe	84
PID 2436 wrote to memory of 3204	2436	msedge.exe	84
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 2300	2436	msedge.exe	85
PID 2436 wrote to memory of 3188	2436	msedge.exe	86
PID 2436 wrote to memory of 3188	2436	msedge.exe	86
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87
PID 2436 wrote to memory of 3688	2436	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1EOUcFDCFBT1j0-jnvWnHkHtFeGmEjMvx?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd3a146f8,0x7ffdd3a14708,0x7ffdd3a14718
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5304 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2674606043111184509,6414794358265282641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:5748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte3fb9737hd66bh4a77ha4b2h15fe03c30fd2
1⤵
PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x98,0x12c,0x7ffdd3a146f8,0x7ffdd3a14708,0x7ffdd3a14718
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,8556779526040685165,10208467472229284432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,8556779526040685165,10208467472229284432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6116

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5712

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5028
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1648 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2906f278-946d-4887-9460-473bf7d915ec} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" gpu
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02c84e8b-e65d-4a47-947e-b680fe37841d} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" socket
    3⤵
    PID:4788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3096 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c60acc96-508c-43d4-8332-cfa8e453d13a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4304 -childID 2 -isForBrowser -prefsHandle 4112 -prefMapHandle 4296 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70ec69d0-2a66-43a9-a5ba-0f767c459e4a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4704 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4700 -prefsLen 33278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cdfc72f-f2bd-4558-a788-1bb99181bfc3} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" utility
    3⤵
    - Checks processor information in registry
    PID:3672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 4284 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e28068d2-1ec0-4640-9d7e-32994b6f0f40} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    3⤵
    PID:5876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5264 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24563bae-95cc-4bba-afa7-a821110c796c} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    3⤵
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 5 -isForBrowser -prefsHandle 4876 -prefMapHandle 5124 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {712b3df8-040d-427f-b8c9-5f357dde3ec2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    3⤵
    PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
640843f36c7e0e57b229451aace48cf7

SHA1
970a64086d506096eb81236ce8a97a783d22c348

SHA256
f71b0a14050726d5d13387b262c78cf327a0f7b9deaf07b1ed5c09b9787dca8d

SHA512
610f7fab554bf7ff556e9fd72f4e84cda62d42f500d129bb8cc51627d4c97dd62f1ca38c155db1edd4821f75c25e76aa8348d08fd722c9c296a19126f2d7e89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
763073f7dea7d6cb247c3c08eb718856

SHA1
27dbbb6008c89ca95ed5f98732b7dfd99fbf2a9e

SHA256
b97f63ffb84ab0d037d362785c98092bfdd31f083b4609045fd8f3f39022a819

SHA512
0b89f85cd535d5e9ff5cce26059c61cf8db8aa591e549739aef78c738eb25a50dee5a74a90b325d09c88935e547cfd0a19b02f96fc9d187ca5fbe2c9f85a671f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
60f72533594b150a57297dcc38ec80cb

SHA1
3d30e3127142aa9528cb469ddb62ec2dee45eef6

SHA256
ea7016aeac6253bdeb5d7b20da09ba78ea3b3a0b99130cf766b709f6868bc03f

SHA512
d137c3f2adee0842b87f3a778ce4fbb9f8a84d9b447e3bc70e3a94b2f3de547ee1dbfc9acc4307bfb7928ffe914b5f27debdea99efc4486ff2aba9251c0c28d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cb531fa2540cd777e2ba09ab39b3e260

SHA1
6f63d28b84a2704090bfe4df5e40a0aba204d65c

SHA256
71bf929901d04dbf64ebd561e69e8705d46a51474c7fbeeac454c3cdfae015cb

SHA512
5fc257a8a608190ac655d384b3106880c326f467670174c87f1954ddcfdb2cb0c0c7de5ea2cb422d860409b49ea75cda17daf5f70fc4f7eb9a1c787d9b396053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bb38aaf3f8561633f00f5d185bcd291c

SHA1
b1b17033410c83be0269d7b5103925e8a8f3110f

SHA256
91ad41d6115cd2623f40c2ea422125cc336217ca38b0dd17107a0e4f45b06387

SHA512
683689a31125a2823eadd4ade503a3d0e3129444f62e9624d8fe9e736d6328e37b7b5cd12b2461c131579bb1b6736e33b58b6beaec3efbab2affc2c5fb2d6ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
edb9b92bb619e8d8c74fbdbe465b896f

SHA1
87bac68748e065f429e9ee1bb2a4d9386e129ecf

SHA256
c9d99a67f81b5f9774e2bfccf497af004b8bcb8422b4c21e1dccf46a1cd1c38c

SHA512
fd01e0b296efffcebb4c3be2edfee845b4f5f4e73be9d096e0e464864807ada955f22baa503f6a53e4fe930c8ecda57a69b662205325e0f6ece8e47fc7a2d2fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a3f3d241037413beccad18d4ab7c2a7f

SHA1
c480b78d323f8d422f6971b7f85b4a5d09c13276

SHA256
e5153495b1b615362d3baa60946b08095a299c47d4819a427ea327647574ebea

SHA512
2679d70f32591fb4069812936411ee848588a7ac6e8ad40f5be278497e97da0cf36ef5831488ab32e6fe4f80a1565f06e97066a6e67a081d7e08a7777f62b94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
395e4ec6a22ae1f684dd69b64c29c170

SHA1
9e652633b6ce7ae702958ead1b84a801f79b39a2

SHA256
af20928fefb890050fc4e0286607ed2c14af9cae830f39216ee4603c7778fe45

SHA512
d5a09436daf230d1453506f78ab8c0600fc3f8153a4e45db75f61aa1a5e69e22e22573bdc31c2b8415d80fb0d0d0e6595f8b74b0382d1f21bbc9037a76e3749c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cd6b29ec241d86f0e2875790d6a82c4c

SHA1
4ed8a6e916cb1768f185e5d20c32ba6511f93789

SHA256
68575dc2b3fb56bc6a135b21a74b10bb8ea07df59fdedae295abd3bb4bdba70a

SHA512
808db3c8a03508ccbef60e7fbb3aa79d4c90ac5367d408c75ce13a55d54f855d7041d8e75633d31eafd3298285a143b06357c56105b7e759fda4438c1d185c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
863ae2f26fa354d83bdc39030c24b6a9

SHA1
41856b11e2f9f11479a8246e5d478e5b05fe85d1

SHA256
c09da9ad516316d84f43ec19db3cc092786eac5cb416af118b4491df8890430f

SHA512
09a5b0c27e0d71e2468ab0e2b33053cba23403ccc0aa1a8c85b586b69ec6b957fd766e087db16235ca9c80c4a18c3e7b9b4ceb78a8e459f7a60b9079b68f985f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
24c7d43bf0a6a40e30462c94b8b5db99

SHA1
dfbf65f4facf401b0496f3e99eb7075d8afd13bc

SHA256
865c055a211c6b12c4f893cc1e9e90e9f3efeaa330c88883a230c2cbcc12bd2d

SHA512
d4fc23e40a6d2dadec4c62fecfc7111d0a049be3ea1713d36947b68054dc13753677ccb6f698a8ed4c1462b8b56f17958199f018f75c23a98c1c0bb53cc753e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1647a646a592be82803a805c011ac4e9

SHA1
9e90a0bc0f3448c37c01f4fae5ac652b9adeb45d

SHA256
de3185af154329af591d96f54feaa47bdcc0cbc00397d90beb5f6609f7c40716

SHA512
70688a7592d5c2d3bfd781f4d1ebf1b371f2a158faca2c8bf08372d27ade39ff74c4c6441a650d07beba53b1fa0ba606de1ac02f995787066aaa8ab9bc7c7238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45fec14bff76e29feef070e961bf20b8

SHA1
04fc311ab0b6801b16d9d0afe46e0088c86aaad4

SHA256
cc1920f340b955d0db3c84a34161eaf5aaa155c2d9009905d5b50fcd19a88c04

SHA512
71797c9cb0a5df866039aafb347c8e4de759328664208a236b13490f0e3f958f6eef6a2fefd8d29471f390f707aac199541eb98c4eda63e2be59a1c33837a009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00960f2c9254545051f6ab2625d0fb4a

SHA1
665211838e226589f0ad2c52894a8e9c53f5d5da

SHA256
19519c2e11f876d2494d457399305d4280bde165c3dedf68025460c1ff8e4cbd

SHA512
b2170ccade28d2fe51f0c5494ee175acc39a4d35eb8ec930015ba5abe18b9fc73b5c7be467f6efc6b284c100c93c87daf64442f3eff606896a47e46236cd3efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e0ae8c907ebaa3dbdea294f470e0893

SHA1
37b7445c4ce088d40592bd8a5125d1160bd0c463

SHA256
83a5213f085bc4c4e011db50849d81ba84e38a3fcc33bc6f7c81a9744122bb19

SHA512
bbda104c3d7d738dc12f49c813cc06382204283cb586d6c873ac37dd7ee81e3f127e644f74c5297b812de6c9b905759c9ea193878dedbc8e8287eedca4d14693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4233ae7a0d08c875b145a4ed579bddae

SHA1
0873c85900a8be7f509f6958ade14b23444ce91f

SHA256
63eed7e4b5a6b653a306c45299a9d93fc15d3080030cd0be82d71005ba7ff803

SHA512
5e008a82911775815a54087a2c61336180647fbfa587f21adb52311890920cc097d1025b79ab1a31bb21e6d335cb13428ed198bb8a988dc485096b8a3254dc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6a2f9261ef9e58275789667aa17bff1

SHA1
fc45aeec95cd94dbfb42516c5c2e803661b85fc9

SHA256
37dd1122e7e539e19041a0003fa90bb429a1528ab19c255bfcd7bafc5a888806

SHA512
ec82825c2d23485c7633e6e6d472a7e6cb7c9943defbbb1fb33f649b157aecf55263980b0adc09becc0493788f4c00b4c369ae3ab893accbaf86762dcbbe61e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87323fffe9acab12d69f62e9a08b287f

SHA1
f4eda1ac039dc8b93b1652650f72734f25e5ab43

SHA256
4191814066df28865613363d94b21b70d31a3106930dee29d51da08b4d0b57de

SHA512
d4a3f47bcbc746865a05dd3c79c5871e746caac86e01ae1d8bf47bb057d470e540eaee2e9ea07932c1c65fab3abf755f747850e7f0c6805156c583b0f7f74fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
465363514bbf9a73d3d843e3fe8f4e85

SHA1
bee4b816fe79305bbbd8f3271b6bf1bf0564e8d5

SHA256
a67cf508f5e1ccb8e920faeccbebc38200dcc013e88ec1ee2a76ef2a7e834a34

SHA512
8c2afc0e9af1e98d9fb32270e10cf93dd887d2807c2ab6c3b686131d8f16ad22b82b066fe25557e4e70bf2e3d0da7973bf20e8258f824e8079a50ffaba905c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afc31417bf13e0402a5ed2f663493348

SHA1
c2a9833dd2210010a6dcea1341a058715ece25c3

SHA256
8038e41ad18fca5792f5bce3d9b6fdd3e7c4df7dea50c5a9f10d6a092e5d0294

SHA512
201f0d84b27c48de0e5468071ff1cf019f3998e92e7f32ffb083aeb28b108d8c268192fc8f6b001639e478705339b60388894082e72947f6230ca91594751e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d93d5d774609ca96690b44fcc479ab3

SHA1
ecf208da510f20872a08076ccb77e9e26e9ec2cd

SHA256
c3fb26ad1d8ff2013384de759dac46870db6e937c036e7696acb9e8cfd3e087e

SHA512
55209b0bae0cb2ba43d660c28e34508bca1f94bd772381cbcadc02d5db488aeb1f260444937bb0c8f072406f62601c4363ed8e8f853db53c433109a767a5e061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd4517a10ed98343a11bd03ab7133a0c

SHA1
8fab5f9bdd04da940ad4f6ae9b09bd34370d560a

SHA256
a1b2a4cd7a9f16e4152f632ee0246fe5189033203be7c31e486442f452ef1540

SHA512
0dd9b8a7dd7a972f05f067a45eb2b8a9d3bdd7879fa17cc4cb688e8f7eb834898a2e5793fb5e6e4a3935b0964550ab5aae2dea6aaea9b78c54afd5a887a0c2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe0499656cfa280a40eb09684eb50d5e

SHA1
ac4c66e2fd7a552387e24ee817012203726f6af8

SHA256
00ba1ed3385ee7664209583db3e0cce794b66b33742f320c9a56151f44e83b18

SHA512
a8136e1253bd6279029f3a25e754b83ddc218f40eb75cda448efbb311cbe29b427d3640fa36cbdfcd9d28b244d40d802b0147b8b74f36731dd50b4a16a11bf55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b92e.TMP

Filesize
1KB

MD5
69743ba59cb561790268a63eeceb5cad

SHA1
2c93245cd0b63a4cd1d6568202a62fd5f71d75ce

SHA256
b39bd6c35f0a3dc31735ab4384d49a0bd93de1d10c7418905aef90e43e3eb8b3

SHA512
267cccc6734e3e5490f5d1d56d2e3c4203083c0c2f79558b76814b2825ffce6cf3306f2786069d4782d0111879e6205281c9083175d2d87bffacfccfff7f3082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c2160249724beaecd1a936a9bf291c7

SHA1
b23450128e4a4a19b0f9b11ef2769cdb13d67fae

SHA256
73419f8935166f3774e8f58d5fa67282cd4023630f5c373cfad1d7bd5ba2e7fa

SHA512
37925b5f15b4094776bfe114929e3e8a6b263ed4d7773517f851b3872856c35c680b68d817adc64be89f278c8509596cad2796ba7b3d46df65dc0b933f6a96ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f39beb458dc65a193a60237ac62c13e0

SHA1
d748bca2639349866a77af49a7f95c4b3f930500

SHA256
4c35d2571869467bdf6c3731f0f6802310eaa16b9c277ca031b38eff53574637

SHA512
c6bd7f4ada2407b87c14d364f0d7794d58f4a677def018e53e537b70a77ae3017216a5df55e2ed1dc4bea7640908e5b3a162a6ee61b56eb55ff8b726201422ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
edd5187a23a5671cc47e116db9da2370

SHA1
3608af6bff44cff4d41e588beedb816f618cf444

SHA256
0bfd009d49f5558f3b45e26602337e5ab7d4c074c40b43d20997162b9b79007a

SHA512
06865bfcc22e5ea6a502f174e29baf6b962e270875b5f3950ff8d8e93607e93a87a30bca00fe7d314c376d82c39f0a7d75512e34c308de5d62cf2ae19c3b4141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
47ab18a07f6eb52b9487238c26e15715

SHA1
bc9cddc03dea2fc83a93a34ab851ae8e587a8961

SHA256
75c74410677a7a2022ad64ec3bfff37e1f914dc486a822c8968d7975d8a68aa4

SHA512
d60dc1af3c2438794484f0adf70dc6a4b1c24f8120e5ffb06a8435bc0a49fa32cc8dfa905fa960fbcf1e5ccec64f2d2372965abd4f10fa00ebbaa87927fc7e19

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
f7c50712505ee670ae68dbd200884bac

SHA1
b9f3216a851815715030ef54c915d36628d528de

SHA256
d05396bea35f9628ea2295f59da04812347f2bf8cc832b684bc6ce9c0ce7475a

SHA512
98ece53916241a92eed064670d241c51cc1b9f0e1cc23f72345895ab8f74433c2b37ce9e4498c0d6f3b6afc9b342335da7686f1a8e071b2b9d30aa55407262e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
e1cf7ca4c53a82c878b987939c49f95c

SHA1
f637a5446a914a98a0a1b4cecd832e7996048f3a

SHA256
949d9da2d26b2bbb9af249547ab1c33a6b26364000c7ce6bd0c24adb8d51dbce

SHA512
23965dfca787e80ce8e35e931961bf076f9425cbf9d2911574b1e6bef0a1069f8eec2a9b8b95a07de11d94b8a29aefb447f7fbe119ba5262a143bb4c5a595b9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
4b73d94ec78d0997d1f9f6e6877e22e2

SHA1
bd18d495f983e3032fd39aaf8051cef61594c70f

SHA256
40bc9956b4a45d60aed19705329fb924f89b117b9dbbbbd61329113d9c482e8d

SHA512
47b70ad3a23d533bf11558ca6f67629eff1e20dffdb70258aeb6d655db27aa51fd5011629070f51c6fa971392e22fbcf6d1845920f8417236e16e422fd5e592c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
8KB

MD5
59cf222148a8d5306fec8dd55dd43c57

SHA1
0c52685395e87ef21101e1714b7703d19d7540af

SHA256
72c53a18c55aaf9a8e02aa927389764f00d2fc3cc108a9697729c311363f4a2a

SHA512
a469f5151d9d6a8af72f947f46d22a86b1ef7c285e9e54b9164a4e607993e0f0d9fa71a653238fc18a3b81adde0f05ea9214e5bd4e7df1250d46c130afe468db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\bookmarkbackups\bookmarks-2024-12-24_11_ZrdYzC-eJDxPzl9eWEGoog==.jsonlz4

Filesize
996B

MD5
faec8a82c35d6bddd9b1d7f4a7c68dbb

SHA1
518f8d9856574fc11d61576a2980fec26cbd7327

SHA256
c173a9013f78ec791bc1617ce873f96299c46c83df700dfdd02986b08de89e84

SHA512
20f8627622f835c46f59f44e6a5f6cdd6f20d775f3a6ab817b0489de7cef6e5be0e9825fa56787e19fca912a5ca7c1ec3332e0a7f5008c8c2c8970468082d2b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
967629869612aca46eb0b78e67cbd6bc

SHA1
42a419169a82312876d89460759b442d045f58bc

SHA256
e8fc49bceb8cabe078b959b72a3564c44bcee544ebd5ffbe01555acabee9d35a

SHA512
8d918d1c55ea171a5a94a63a61afe5181c41259e9ac98c4769292aa1c5f2ca6b8ea13c0eb210a7617438cf388291514cb1a3e6e69ff5003ea23b7bfbcddab2eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a2650e76379c00014c0477cef752e0b1

SHA1
d4bedec493888bed20597b3df1d6b0c8da7bb7f1

SHA256
fa2b4d997a73b300bc9b32149899f3a9ddbc2b90845075f0c8146858e36a4254

SHA512
9e9e6b75481530c8e72e532c1d50c41647d60650fcb5c4f03803110efe979add5babe02469796b60f2e325eabca2500fe23abbcdf74dcfbfcbb95c0bb5eabefa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
872e823caa5f2fdb402da9bf28cb3eab

SHA1
afc4dcb0fb1f65749fc2a300027f713374310a37

SHA256
bf4bc2076717b043070ecf2bafaaaafaee7ae7c4a71096f00847e784448ee840

SHA512
0f64fce4fd5ca65ae8400233c29b9e3c26283b6574671b344d05ff5d4085b4d1fa6dfe2ad878f3084cf372747f87b85cd356411c7d78751ddd7e6171025159c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
e87d20e67ca8501284833143c8f92b54

SHA1
0db8aa52195daf5cd91ad32ac429ba754b60ccde

SHA256
041b7083c36292bf9cea13574b01c15c0ac05c8259f0189e6918e4a20476d14e

SHA512
d8df0c3b4ce74401d25d0950b54ae5932f666b9e347feec2ebe65a1dec7e899a6233179f2d143e7e463817495e1c1564972b9e300e8d79aed5e36dc56aa4b8d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
944922af778091cd703c80bf9a099617

SHA1
2b22de2f18aab0abfe3870c412da37b6b48b38be

SHA256
bb18a3e013b96906fa6ad02446c7cb13c28537286e1fcf339b95d795d62888d4

SHA512
b3d29131ac75b326d712b0cb28a45f66b0e66a14754d3b2c905192289133bd361250fe7059caab391e2aa0bf5e99252d0f8207e53266e9ca2dc72714a9022cc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
66b4ee185e28d537bcc034285a448ab5

SHA1
74a5352fa90e5272ea5bc32462cfedfa822a9332

SHA256
e4c9999de47d5c03c89ec649f3ba2420288e0dbb6fb4e18c16e8a16dd16e3c39

SHA512
a5c15803a8d4f597d5aaac97683fde2d6dc079376c108aa7ee58e0f6a6a2ecde9c039e834e1cdf28cff42b687fded9d605433d482f9ad6d30e1986cd10f7e9ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\3ffa45f0-70dc-43ef-838e-7bcc21c7c396

Filesize
671B

MD5
39374aa87a76b550069d5624e138bd14

SHA1
69b704a57aa5a244107fb8ddc52fea058c0a9f7f

SHA256
90aab85bc2384565a772e72bd4edd2da94d3655299c94c5c721b38e37f925c1c

SHA512
b92d392642f798d76974440d7a02de77e2e0836b8c6a6f7e68fa5f829ed8a0c1487abcea80f6bbbb777c67f346abc9ba5adf918777a1700cf89e54809ca3832f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\8c8dec81-5a32-427f-9605-df11559b10d5

Filesize
26KB

MD5
fa2fdf04e7d017d56cdb03b94602df7b

SHA1
ae73e2b679e8e09947787f5b78ddaeebf241108a

SHA256
751892ef961b61d3d754c3b0583d9ca8c803551b9ae15f5953ae643ea4b9ed72

SHA512
2071e778f926ea92a1b9569d5e094a2e8183da05b61aac7cbad7c0618b5685c81b972778ec9114d22978f3fa87850c2a6d293b428eafdf42ad61016c737162f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\b0b848fe-f39b-4983-9c8d-cef9373a1cc6

Filesize
982B

MD5
8ae7b00e2087a9e0843f09f407b95464

SHA1
5eda7c351f6d1c8fb98156f22b061daf552f7d75

SHA256
44cbdc8504d428a377a8581e942901b67fe84091f993dbcf31b7b6e405807aa9

SHA512
cd7c5681d977f4843554f20007cb82814b3876b7c186d34e84d229f4150208b4d1b787c42ce1bf03ee0a4a0ba42c534a1bfebfa99999625560f4640c58e30e58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
12KB

MD5
4b8a2e2ba3af4c5716841f582fefb9b1

SHA1
5400b8e9b8784c67770899d5adae4da911016bf3

SHA256
85ab0926f5c0054ddde839cf65d45eb2dd08ef29fd0862fe7cfeb67768f71478

SHA512
80e93bcb15330eac6601688d345de91606ce6dc71ad5c9cfbae09a92e345284bb08d2a65ed9557f7c3c01b1a58ed7a07bb754176212922722f4a7581caa19b15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
11KB

MD5
0c2de04c79a4b1dc61a7e635e116260f

SHA1
f5e0b2da7a75d081dfefbbaad5ef1120073d1d7d

SHA256
44eb45960c0b9d7c4b9313454ebc5f506088be58c70ce470fd41291a528b9b3a

SHA512
433cd42faa00ac11930697f5a9eef5abb3edc7bc83dfd0f8724769164877a28cb02ea4820bee4e4eee3d2a1f111c2f1c9251ef7b78a78459c97c68549ebcd70f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
82c047926039f7d1f21d0f308cf73a4e

SHA1
719dd922fa84c9053338d0cd4443cd22fdb11d6f

SHA256
b20e918a84ca5811a13db10122347d84f7fc8e3609463a75eb0d935830b0ca0e

SHA512
b423ab3e0403a6271b7b554c07bf77e40140238c3521916b05d8215671e69c8660326c19e3824a092fb79307a53dc7042e7c64121465a7751dfa7327c9b52aa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
9906afd057aabcddefcfe7ca16aa6415

SHA1
f72235d127737c70419ddac7c070985d25a5202d

SHA256
791a2b05fe4ee97ddcf88adb055fd810728befeea4a7803dd9d60fd97c8bc3bc

SHA512
d804ade329d6d5ed982d8fd37b204756532b33839e08838eaabd5be5727a3647394540d52dbfd8cd77e66bfff7597a3644799b3ea3b1870cbd65f3b0112b54c4

Download Submit
C:\Users\Admin\Downloads\Ny mapp (9)-20241224T223059Z-001.zip

Filesize
1.3MB

MD5
a4e5c7932d08449ba801fe05fde06d7a

SHA1
21f11a4f1a184d66a820759905389bdb5da6b6b7

SHA256
e611c1525f6f6f06e7d442e47e09077bc5099579d283b30c7f6b86831f746221

SHA512
d802b0aeef67603feb83c55888b0569db3defb14d485fe53fdc0f77f4a6439f5e1fe8031f2a0a60785e0fe40ecdf748dd859e8de33f5a91fefd816b451156d51

Download Submit
memory/5712-231-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-226-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-232-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-236-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-235-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-224-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-234-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-225-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-233-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download
memory/5712-230-0x00000214F1170000-0x00000214F1171000-memory.dmp

Filesize
4KB

Download