exelastealer | eeb3de266f062f785e8ef53dbdb4a28cffd4d4a18deceac6d3db2a7fc17714f7

Resubmissions

12-01-2025 15:50

250112-s9zcka1mdq 1

12-01-2025 14:27

250112-rsp7wsylej 1

12-01-2025 11:29

250112-nlkgaazqft 10

Analysis

max time kernel
387s
max time network
395s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpyNote.rar
Size

257.8MB
MD5

b1aee388ceab10825fb4e9d8076412e9
SHA1

e2324002fe325e59d43753a833168239945564ed
SHA256

eeb3de266f062f785e8ef53dbdb4a28cffd4d4a18deceac6d3db2a7fc17714f7
SHA512

9db2f68b3d530674e82408653316ac2af5967eda76da594d9513d69d77c262e88f37eb5f7d18dec0ae6c1af8be4ce9fc57280668c5e2c4733518dac02018da42
SSDEEP

6291456:7imgnCyOvqY+Q63RHmrwW+psbYUtPPB8HaLHI53/xbMm6:+mSpOy6wkc69LHYun

Score

10^/10

exelastealer collection defense_evasion discovery evasion persistence privilege_escalation pyinstaller spyware stealer upx

Malware Config

Signatures

Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
stealer exelastealer
Exelastealer family
exelastealer
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
812	netsh.exe
3936	netsh.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
3084	cmd.exe
4236	powershell.exe

Executes dropped EXE 16 IoCs

pid	Process
4984	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
2776	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
536	SpyNoteX_Unpacked.exe
3248	SpyNoteX_Unpacked.exe
4556	SpyNoteX_Unpacked.exe
2192	SpyNoteX_Unpacked.exe
2196	SpyNoteX_Unpacked.exe
1532	SpyNoteX_Unpacked.exe
2268	SpyNoteX_Unpacked.exe
4036	SpyNoteX_Unpacked.exe
1448	SpyNoteX_Unpacked.exe
3648	SpyNoteX_Unpacked.exe
800	SpyNoteX_Unpacked.exe
2164	SpyNoteX_Unpacked.exe

Loads dropped DLL 64 IoCs

pid	Process
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
4420	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3248	SpyNoteX_Unpacked.exe
3248	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe
3660	SpyNoteX_Unpacked.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
304	discord.com
298	discord.com
299	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
295	ip-api.com

Network Service Discovery 1 TTPs 2 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
2976	cmd.exe
3548	ARP.EXE

Enumerates processes with tasklist 1 TTPs 5 IoCs

discovery

Process Discovery

T1057

pid	Process
2040	tasklist.exe
1156	tasklist.exe
692	tasklist.exe
1080	tasklist.exe
3180	tasklist.exe

Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3068	cmd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000242e3-3206.dat	upx
behavioral1/memory/4420-3210-0x00007FFBF79C0000-0x00007FFBF7FA8000-memory.dmp	upx
behavioral1/files/0x00070000000242db-3218.dat	upx
behavioral1/files/0x00070000000242e4-3223.dat	upx
behavioral1/files/0x00070000000242e5-3250.dat	upx
behavioral1/files/0x00070000000242bb-3254.dat	upx
behavioral1/files/0x00070000000242da-3258.dat	upx
behavioral1/memory/4420-3262-0x00007FFBF7370000-0x00007FFBF76E5000-memory.dmp	upx
behavioral1/memory/4420-3283-0x00007FFBF7180000-0x00007FFBF719B000-memory.dmp	upx
behavioral1/files/0x00070000000242e0-3282.dat	upx
behavioral1/files/0x00070000000242bc-3296.dat	upx
behavioral1/memory/4420-3304-0x00007FFBF7350000-0x00007FFBF7365000-memory.dmp	upx
behavioral1/memory/4420-3305-0x00007FFBF6920000-0x00007FFBF70AA000-memory.dmp	upx
behavioral1/memory/4420-3306-0x00007FFBF68E0000-0x00007FFBF6917000-memory.dmp	upx
behavioral1/memory/4420-3303-0x00007FFBF70B0000-0x00007FFBF70CE000-memory.dmp	upx
behavioral1/memory/4420-3302-0x00007FFC0B1F0000-0x00007FFC0B1FA000-memory.dmp	upx
behavioral1/memory/4420-3301-0x00007FFBF7370000-0x00007FFBF76E5000-memory.dmp	upx
behavioral1/files/0x00070000000242d9-3300.dat	upx
behavioral1/memory/4420-3299-0x00007FFBF70D0000-0x00007FFBF70E1000-memory.dmp	upx
behavioral1/memory/4420-3298-0x00007FFBF70F0000-0x00007FFBF713D000-memory.dmp	upx
behavioral1/memory/4420-3295-0x00007FFBF7140000-0x00007FFBF7159000-memory.dmp	upx
behavioral1/memory/4420-3294-0x00007FFBF7160000-0x00007FFBF7176000-memory.dmp	upx
behavioral1/files/0x00070000000242c1-3293.dat	upx
behavioral1/memory/4420-3292-0x00007FFBF76F0000-0x00007FFBF77A8000-memory.dmp	upx
behavioral1/files/0x00070000000242bf-3290.dat	upx
behavioral1/files/0x00070000000242c0-3288.dat	upx
behavioral1/memory/4420-3287-0x00007FFBF77B0000-0x00007FFBF77DE000-memory.dmp	upx
behavioral1/files/0x00070000000242be-3285.dat	upx
behavioral1/memory/4420-3280-0x00007FFBF71A0000-0x00007FFBF72BC000-memory.dmp	upx
behavioral1/memory/4420-3279-0x00007FFBF77E0000-0x00007FFBF7953000-memory.dmp	upx
behavioral1/memory/4420-3278-0x00007FFBF7960000-0x00007FFBF7983000-memory.dmp	upx
behavioral1/files/0x00070000000242e6-3277.dat	upx
behavioral1/memory/4420-3276-0x00007FFBF72C0000-0x00007FFBF72E2000-memory.dmp	upx
behavioral1/files/0x00070000000242e8-3275.dat	upx
behavioral1/memory/4420-3274-0x00007FFBF72F0000-0x00007FFBF7304000-memory.dmp	upx
behavioral1/files/0x00070000000242b4-3272.dat	upx
behavioral1/memory/4420-3271-0x00007FFC04FC0000-0x00007FFC04FD9000-memory.dmp	upx
behavioral1/memory/4420-3270-0x00007FFBF7310000-0x00007FFBF7324000-memory.dmp	upx
behavioral1/memory/4420-3269-0x00007FFBF7330000-0x00007FFBF7342000-memory.dmp	upx
behavioral1/files/0x00070000000242de-3268.dat	upx
behavioral1/files/0x00070000000242b7-3266.dat	upx
behavioral1/memory/4420-3265-0x00007FFBF7350000-0x00007FFBF7365000-memory.dmp	upx
behavioral1/memory/4420-3264-0x00007FFBFB3B0000-0x00007FFBFB3D4000-memory.dmp	upx
behavioral1/files/0x00070000000242af-3263.dat	upx
behavioral1/memory/4420-3261-0x00007FFBF79C0000-0x00007FFBF7FA8000-memory.dmp	upx
behavioral1/memory/4420-3259-0x00007FFBF76F0000-0x00007FFBF77A8000-memory.dmp	upx
behavioral1/files/0x00070000000242dc-3256.dat	upx
behavioral1/memory/4420-3255-0x00007FFBF77B0000-0x00007FFBF77DE000-memory.dmp	upx
behavioral1/memory/4420-3253-0x00007FFBF77E0000-0x00007FFBF7953000-memory.dmp	upx
behavioral1/memory/4420-3252-0x00007FFBF7960000-0x00007FFBF7983000-memory.dmp	upx
behavioral1/memory/4420-3251-0x00007FFBF7990000-0x00007FFBF79BD000-memory.dmp	upx
behavioral1/files/0x00070000000242ba-3249.dat	upx
behavioral1/files/0x00070000000242b5-3248.dat	upx
behavioral1/memory/4420-3247-0x00007FFBFA140000-0x00007FFBFA159000-memory.dmp	upx
behavioral1/files/0x00070000000242b0-3246.dat	upx
behavioral1/memory/4420-3245-0x00007FFC10920000-0x00007FFC1092D000-memory.dmp	upx
behavioral1/memory/4420-3243-0x00007FFC04FC0000-0x00007FFC04FD9000-memory.dmp	upx
behavioral1/files/0x00070000000242b9-3242.dat	upx
behavioral1/files/0x00070000000242b8-3235.dat	upx
behavioral1/memory/4420-3234-0x00007FFC11F30000-0x00007FFC11F3F000-memory.dmp	upx
behavioral1/files/0x00070000000242b6-3232.dat	upx
behavioral1/files/0x00070000000242b3-3229.dat	upx
behavioral1/files/0x00070000000242b1-3228.dat	upx
behavioral1/files/0x00070000000242e1-3222.dat	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2236	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x00070000000242aa-3157.dat	pyinstaller

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
discovery

Local Groups
T1069.001

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
1464	cmd.exe
3612	netsh.exe

System Network Connections Discovery 1 TTPs 1 IoCs

Attempt to get a listing of network connections.

discovery

System Network Connections Discovery

T1049

pid	Process
2892	NETSTAT.EXE

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
3148	WMIC.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
696	WMIC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3152	ipconfig.exe
2892	NETSTAT.EXE

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
4036	systeminfo.exe

Kills process with taskkill 10 IoCs

evasion

pid	Process
2144	taskkill.exe
4204	taskkill.exe
4876	taskkill.exe
512	taskkill.exe
208	taskkill.exe
2284	taskkill.exe
4684	taskkill.exe
3248	taskkill.exe
4980	taskkill.exe
3532	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4236	powershell.exe
4236	powershell.exe
1740	msedge.exe
1740	msedge.exe
1528	msedge.exe
1528	msedge.exe
816	identity_helper.exe
816	identity_helper.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
820	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	820	7zFM.exe
Token: 35	820	7zFM.exe
Token: SeSecurityPrivilege	820	7zFM.exe
Token: SeDebugPrivilege	2320	firefox.exe
Token: SeDebugPrivilege	2320	firefox.exe
Token: SeDebugPrivilege	1080	tasklist.exe
Token: SeIncreaseQuotaPrivilege	696	WMIC.exe
Token: SeSecurityPrivilege	696	WMIC.exe
Token: SeTakeOwnershipPrivilege	696	WMIC.exe
Token: SeLoadDriverPrivilege	696	WMIC.exe
Token: SeSystemProfilePrivilege	696	WMIC.exe
Token: SeSystemtimePrivilege	696	WMIC.exe
Token: SeProfSingleProcessPrivilege	696	WMIC.exe
Token: SeIncBasePriorityPrivilege	696	WMIC.exe
Token: SeCreatePagefilePrivilege	696	WMIC.exe
Token: SeBackupPrivilege	696	WMIC.exe
Token: SeRestorePrivilege	696	WMIC.exe
Token: SeShutdownPrivilege	696	WMIC.exe
Token: SeDebugPrivilege	696	WMIC.exe
Token: SeSystemEnvironmentPrivilege	696	WMIC.exe
Token: SeRemoteShutdownPrivilege	696	WMIC.exe
Token: SeUndockPrivilege	696	WMIC.exe
Token: SeManageVolumePrivilege	696	WMIC.exe
Token: 33	696	WMIC.exe
Token: 34	696	WMIC.exe
Token: 35	696	WMIC.exe
Token: 36	696	WMIC.exe
Token: SeIncreaseQuotaPrivilege	696	WMIC.exe
Token: SeSecurityPrivilege	696	WMIC.exe
Token: SeTakeOwnershipPrivilege	696	WMIC.exe
Token: SeLoadDriverPrivilege	696	WMIC.exe
Token: SeSystemProfilePrivilege	696	WMIC.exe
Token: SeSystemtimePrivilege	696	WMIC.exe
Token: SeProfSingleProcessPrivilege	696	WMIC.exe
Token: SeIncBasePriorityPrivilege	696	WMIC.exe
Token: SeCreatePagefilePrivilege	696	WMIC.exe
Token: SeBackupPrivilege	696	WMIC.exe
Token: SeRestorePrivilege	696	WMIC.exe
Token: SeShutdownPrivilege	696	WMIC.exe
Token: SeDebugPrivilege	696	WMIC.exe
Token: SeSystemEnvironmentPrivilege	696	WMIC.exe
Token: SeRemoteShutdownPrivilege	696	WMIC.exe
Token: SeUndockPrivilege	696	WMIC.exe
Token: SeManageVolumePrivilege	696	WMIC.exe
Token: 33	696	WMIC.exe
Token: 34	696	WMIC.exe
Token: 35	696	WMIC.exe
Token: 36	696	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3564	WMIC.exe
Token: SeSecurityPrivilege	3564	WMIC.exe
Token: SeTakeOwnershipPrivilege	3564	WMIC.exe
Token: SeLoadDriverPrivilege	3564	WMIC.exe
Token: SeSystemProfilePrivilege	3564	WMIC.exe
Token: SeSystemtimePrivilege	3564	WMIC.exe
Token: SeProfSingleProcessPrivilege	3564	WMIC.exe
Token: SeIncBasePriorityPrivilege	3564	WMIC.exe
Token: SeCreatePagefilePrivilege	3564	WMIC.exe
Token: SeBackupPrivilege	3564	WMIC.exe
Token: SeRestorePrivilege	3564	WMIC.exe
Token: SeShutdownPrivilege	3564	WMIC.exe
Token: SeDebugPrivilege	3564	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3564	WMIC.exe
Token: SeRemoteShutdownPrivilege	3564	WMIC.exe
Token: SeUndockPrivilege	3564	WMIC.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
820	7zFM.exe
820	7zFM.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 3300 wrote to memory of 2320	3300	firefox.exe	109
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 4608	2320	firefox.exe	110
PID 2320 wrote to memory of 1348	2320	firefox.exe	111
PID 2320 wrote to memory of 1348	2320	firefox.exe	111
PID 2320 wrote to memory of 1348	2320	firefox.exe	111
PID 2320 wrote to memory of 1348	2320	firefox.exe	111
PID 2320 wrote to memory of 1348	2320	firefox.exe	111
PID 2320 wrote to memory of 1348	2320	firefox.exe	111
PID 2320 wrote to memory of 1348	2320	firefox.exe	111
PID 2320 wrote to memory of 1348	2320	firefox.exe	111

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2416	attrib.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SpyNote.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d0fec22-a7d1-499c-b176-f7611841afc4} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" gpu
    3⤵
    PID:4608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a30372a3-94a0-47b9-bb85-537152a0da6f} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" socket
    3⤵
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3340 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cf49f8d-329a-495d-85fd-6cbc4dfa5d07} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4368 -childID 2 -isForBrowser -prefsHandle 4360 -prefMapHandle 4340 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a27cee8-37ed-4d6e-9a0c-8149d260c35d} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5032 -prefMapHandle 5036 -prefsLen 32281 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02f2717a-55e2-41a0-9935-d3ce579aa871} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" utility
    3⤵
    - Checks processor information in registry
    PID:1988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2656 -childID 3 -isForBrowser -prefsHandle 5248 -prefMapHandle 5244 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b13f14e2-ef42-4569-bc56-7b00e1fa46ab} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {151839f2-b2a0-4884-b15b-568c7f3c7d2c} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:4272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 5 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0756eff4-b750-4fe2-b6d9-d81cb9301d5f} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6076 -childID 6 -isForBrowser -prefsHandle 6036 -prefMapHandle 6068 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da299761-ef8d-4aa9-a134-1be74f86b6a3} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 7 -isForBrowser -prefsHandle 6056 -prefMapHandle 2776 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e40e629-39f1-4e08-9cce-0900764d444c} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 8 -isForBrowser -prefsHandle 5728 -prefMapHandle 5724 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c1aa782-bc38-4dce-b4d6-05cc3659c949} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6340 -childID 9 -isForBrowser -prefsHandle 6380 -prefMapHandle 6388 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3963a53-e218-488f-a836-97e714844432} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" tab
    3⤵
    PID:3020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5000

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:4984
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:4200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious use of AdjustPrivilegeToken
      PID:696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
    3⤵
    PID:3052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get Manufacturer
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "gdb --version"
    3⤵
    PID:1540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:760
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:1080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
    3⤵
    PID:3636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path Win32_ComputerSystem get Manufacturer
      4⤵
      PID:2868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:2956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:3248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:4784
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe""
    3⤵
    - Hide Artifacts: Hidden Files and Directories
    PID:3068
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:696
  - - C:\Windows\system32\attrib.exe
      attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe"
      4⤵
      Views/modifies file attributes
      PID:2416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:2348
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:2040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2320"
    3⤵
    PID:1280
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2320
      4⤵
      Kills process with taskkill
      PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4608"
    3⤵
    PID:4324
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4608
      4⤵
      Kills process with taskkill
      PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1348"
    3⤵
    PID:3092
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3636
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1348
      4⤵
      Kills process with taskkill
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4760"
    3⤵
    PID:2648
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4760
      4⤵
      Kills process with taskkill
      PID:3248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5064"
    3⤵
    PID:3816
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 5064
      4⤵
      Kills process with taskkill
      PID:2144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1988"
    3⤵
    PID:5004
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1988
      4⤵
      Kills process with taskkill
      PID:4204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4272"
    3⤵
    PID:2784
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4272
      4⤵
      Kills process with taskkill
      PID:4980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4832"
    3⤵
    PID:3728
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4832
      4⤵
      Kills process with taskkill
      PID:4876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4460"
    3⤵
    PID:812
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4460
      4⤵
      Kills process with taskkill
      PID:512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3020"
    3⤵
    PID:1968
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 3020
      4⤵
      Kills process with taskkill
      PID:208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:2360
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:2984
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:4520
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:2548
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:3912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:3132
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:1156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
    3⤵
    - Clipboard Data
    PID:3084
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe Get-Clipboard
      4⤵
      Clipboard Data
      Suspicious behavior: EnumeratesProcesses
      PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
    3⤵
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:1464
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:3612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
    3⤵
    - Network Service Discovery
    PID:2976
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:4036
  - - C:\Windows\system32\HOSTNAME.EXE
      hostname
      4⤵
      PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic logicaldisk get caption,description,providername
      4⤵
      Collects information from the system
      PID:3148
  - - C:\Windows\system32\net.exe
      net user
      4⤵
      PID:368
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user
        5⤵
        
        PID:4888
  - - C:\Windows\system32\query.exe
      query user
      4⤵
      PID:4196
    - - C:\Windows\system32\quser.exe
        
        "C:\Windows\system32\quser.exe"
        5⤵
        
        PID:3648
  - - C:\Windows\system32\net.exe
      net localgroup
      4⤵
      PID:3528
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup
        5⤵
        
        PID:1080
  - - C:\Windows\system32\net.exe
      net localgroup administrators
      4⤵
      PID:2832
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup administrators
        5⤵
        
        PID:764
  - - C:\Windows\system32\net.exe
      net user guest
      4⤵
      PID:1660
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user guest
        5⤵
        
        PID:244
  - - C:\Windows\system32\net.exe
      net user administrator
      4⤵
      PID:3620
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user administrator
        5⤵
        
        PID:1564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic startup get caption,command
      4⤵
      PID:1112
  - - C:\Windows\system32\tasklist.exe
      tasklist /svc
      4⤵
      Enumerates processes with tasklist
      PID:692
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:3152
  - - C:\Windows\system32\ROUTE.EXE
      route print
      4⤵
      PID:5076
  - - C:\Windows\system32\ARP.EXE
      arp -a
      4⤵
      Network Service Discovery
      PID:3548
  - - C:\Windows\system32\NETSTAT.EXE
      netstat -ano
      4⤵
      System Network Connections Discovery
      Gathers network information
      PID:2892
  - - C:\Windows\system32\sc.exe
      sc query type= service state= all
      4⤵
      Launches sc.exe
      PID:2236
  - - C:\Windows\system32\netsh.exe
      netsh firewall show state
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:812
  - - C:\Windows\system32\netsh.exe
      netsh firewall show config
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:1944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:1348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:3896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:1232

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:2776
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1916

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:536
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:208

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:4556
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  PID:2192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\SpyNote\Documents\index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbfb1a46f8,0x7ffbfb1a4708,0x7ffbfb1a4718
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10498420288705349633,11470464561764659169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:2196
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  PID:1532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4716

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:2268
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2292

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:1448
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  PID:3648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4568

C:\SpyNote\SpyNoteX_Unpacked.exe
"C:\SpyNote\SpyNoteX_Unpacked.exe"
1⤵
- Executes dropped EXE
PID:800
- C:\SpyNote\SpyNoteX_Unpacked.exe
  "C:\SpyNote\SpyNoteX_Unpacked.exe"
  2⤵
  - Executes dropped EXE
  PID:2164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Permission Groups Discovery

T1069

Local Groups

T1069.001

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

System Network Connections Discovery

T1049

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\SpyNote\Documents\assets\vendor\font-awesome2\js\regular.js

Filesize
149KB

MD5
510a59103373da2eda56a2aa38a31721

SHA1
9778c6b80a159c2b3c7e9f7f851d58f0e8da599b

SHA256
60654b3e028f9b9b181a1810a28fef7e9fee7f947e98bb2d080ec5a91f38c4c6

SHA512
ed4783e58377935703dc3e39a1bc9e1d41937eb6442f58be23d9b5fa79057a3f3686cc6b5d37a9f696e166ce7e07cd8cb45b6fb79e6df2fd011395343592a1e6

Download Submit
C:\SpyNote\Documents\assets\vendor\font-awesome\css\fontawesome.min.css

Filesize
78KB

MD5
0a11dbec7b970d7b2fe35077191821ce

SHA1
4e689cf6288b4ff5859b9e5b96ca1a24a316e896

SHA256
6edf0ce72cd550405ffe98775156748c8ff50af0bf0b77c81f5ec67feb672883

SHA512
47ec4f4b654f08016f2d1cbe2383e06f09168f0d73e41e6034362024de4b7f357880635e450c95ad8ed4939f6b5fe73cb73cfade3f037993cbaa65ef0718fca4

Download Submit
C:\SpyNote\Documents\assets\vendor\font-awesome\js\regular.js

Filesize
147KB

MD5
46e034370673e789de958d8bde51a52f

SHA1
ce4e92c14746cadc0a973c11767a1b2f7c7af18a

SHA256
4db7f552d5a273b376edba38859dc8e6a0ea05fbd4e58e26161e3d51698685f2

SHA512
e3fd0a6c2389d030e5cfc38c6ea84ec9f7b812e178d6b66a2ecb77346935e0536977d909002a623e574b0ae411468150c82a6d4ab0c221abcedd4676a142ea4c

Download Submit
C:\SpyNote\SpyNoteX_Unpacked.exe

Filesize
10.9MB

MD5
829f3ae891b5fff962220d1d54ff44c3

SHA1
822d0aa1c05a518c7f4623fd1fb57f6689777b91

SHA256
4c12c7c4868624d82943a6458cd09fc99fd982639fcb4ed85bf4f932415163fd

SHA512
956120c8ba467989ac34b0edfc5972d264e95b17a365530dcae305749b1e16f4632ca37cd1e1b38d1c98b2440920a6b2896e416c200ed7c6f439129cd6abd22b

Download Submit
C:\SpyNote\platformBinary32\bin\java-rmi.exe

Filesize
761KB

MD5
cba4d8bf021f75d5e5ab9c07cb21422a

SHA1
71db149fa3b928a651c1e10e47baed579d8a9a5e

SHA256
a59a7fa0639158aefb35ee37773016bf8a386c814f1b93af1e80660617980fdb

SHA512
8c56201e1042831d70e3517e60e5f5739ed7433b3299b1e6f2d685a2ead8ebdd75e0efb5f0709e0a7334e21e4230c4a542dd6c0c9ae2cfe32b8c5f278dc5d590

Download Submit
C:\SpyNote\platformBinary32\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\SpyNote\platformBinary64\bin\server\Xusage.txt

Filesize
1KB

MD5
b3174769a9e9e654812315468ae9c5fa

SHA1
238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8

SHA256
37cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08

SHA512
0815ca93c8cf762468de668ad7f0eb0bdd3802dcaa42d55f2fb57a4ae23d9b9e2fe148898a28fe22c846a4fcdf1ee5190e74bcdabf206f73da2de644ea62a5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3f24317a260621732db8f9a3370fc1f8

SHA1
3eb2326f1d65c434366313102a507224a47700c2

SHA256
45d5edd15ff69d005813eb80b4f6083ee4dbd7573f963cb6091fe5f293c9cae8

SHA512
b2438367de8dd416509467a90b6319d0dc9029e847a7aa5daf301d63c6a308fc303e2160061822f52dd946898b2ee22697b40676f1b7e2ffae7342ef2b28f0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
09a2d9e5e91ae5afc3159c27310ed46c

SHA1
185ad706a2c29d05fcb713bf589b11a728c6cea6

SHA256
035ac3be0fbd59536c29fd980c8f91e6556254afc14e12cb208b21717fa03007

SHA512
bf084d1b0293a1f010f8acc55b3fd2ab4d9d3549dcea12b848a6d632737f53f438c6f6068334cc727218b67d30b2d4d04de5964aac6f6dddb4ed18739e36b97d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
9e60751db3c2c5b6a54f6cb18f9a387e

SHA1
c3815742501bd3eb5456958d253c57fa48f14451

SHA256
376006f8fffee91ede6e6367fc46a81ad97568e59ede6bfdc1aba6420294d6d1

SHA512
e25d565bc4a56dcdb10bb2eb9daf4b031746652cfa55658f35331bc72b0dce59861fbb0a3923857a0382e1b0ef6f38022b13f34e84133567f37872738b12aa96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f7ce6560cdb5f783b2b7b06f2ed207b

SHA1
1d9114f82061eeee7e5bc0744ce4d25dbbaeed05

SHA256
e6e8113f5ebc288ec36a307ce0a5590e2de3f64a8ee40935d296a66c8cbfc098

SHA512
f2abd215235bf941ecf5adac1a66c7b249b144e05a82c6c14c85b41fa14fb35affbbbc409314aac38b43604e3e158c995940eddda6906e016e1737a5767c8790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
244afdb1b364410094db95bbc0a6c88c

SHA1
219fdf91f82ba1ec2be1661da9035e09e5d70874

SHA256
46475c722aa71e8b126cf0490055754dfcf18a101ed048d03243271531996be1

SHA512
16437cffffbfc83402d8b66d2b4efff5f8f66ece974dfda7e2c72cb614958cf82375ffcfeda868e00df1c85aa6b45ef968b2f6b28a22095035322d158389e447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88050dea0df87052dee20e4ca1422bcb

SHA1
ce391b2ee81423b0e445e6e740f224cc3df008fa

SHA256
ab565125c2b163c636c2689f5145bbdd97ad0a71fa224ac9903346fad520b4f0

SHA512
1cd6f0c61de3468723880414398de6e504970374a078a91407dcbc28002a6e737ab22928d2460ec53b06a839a6cab3c26da96b5e39c3cacccf6b7112bf0d44a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
763d50f72035e135f91bc9073220d5db

SHA1
76d780e5dcb213a38f691120ef923bc17c3f932a

SHA256
e6ead8c3966037ad363f6e0cbace3272d1872c091463aa301f8eb1b5fce23639

SHA512
cced6d2c2f8e7f72dc5618c9d182242e0432ca05f850a70b39f489bbc79862dd9dcbcbae3aa46a21c082fd803ee4c70868030ac3434ef8abe9dc9234044d736b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c56e2.TMP

Filesize
204B

MD5
b0c5bbde6f74f92085dad9537c00bcfa

SHA1
2054e11f8af6e7e86727bca0062c0c0c0fefa764

SHA256
5fc7e02eaa39cd5572809b1bcef0ec7bd8cb3f8ded089d86a5cecc6ed4e5d78b

SHA512
233302a8d01742610414f0b6e03cff4c7bd981976115fcc37da2d76d69912e9ad1a1dd0ae4d9aebb6ffb7ae463ea9ffe52e718d332325a8183caa9f8210d1456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3174c6b8752de9bb2e93dd30abfa679d

SHA1
8aaa9b601406ac9c0bbbe055a8a2b541366ca096

SHA256
ee1eef8f855cf62eea56d03e5df62e961ce04a6ab877a6ed21183caf724f4c06

SHA512
9253c75993a0a81138f7dc60ca298015b3c26a2e408cb10473570778f59797e30222795aae0583df1132f9b5764aa5b7226c4119fbaf8e5500b8d5f61c320cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6bcd85608164bcb7ca2b0026f0ab86cc

SHA1
4ee49e787c3db579f566374c02089fd9bc986d92

SHA256
150836bbba4dda713c46dfeace54f56e040b8a7052145c9c729838d51cf92e71

SHA512
ba819ace4fd1e89a9a2f2914a2b93c596f7cde07bed67b78a4baf9db9774f894b9fa3c9bef92af170ba42bb92b6659929fcf19a1673d8cf1c259609ff37dedde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
99e1ed6b47522115d296dc0722c81839

SHA1
4bfc9b81ea181aafaf49a2d6963e78a24ae35186

SHA256
72dc775d05c82a1fd9ed7914196871027bbe73acc7733fe1853a24659b187875

SHA512
8ff213a37b376916f60ac12d62c6f904cceacb47f6e7a4d76ad820586f6a0de4e4eb6de1a661fb56954d281c10a05880993790a0023a26792ca11d9173df75dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6751EAF940B45945962F07B498AEF7F97B121D34

Filesize
17KB

MD5
945557494df7638fbcfc78542c276ffc

SHA1
39952bc7f18b552b93f04db517017f00a104f502

SHA256
7caf3457442fc248e30d953806b968d82a55a6808d512173d160d5e4a25cb7e2

SHA512
3bc2eac87737681b69f18a640d1caa60116d08db23c4b158b8d95c7a00f4ab8f065db47542ee5f30d573283fc871da0d413aba0b61392332c426a52374b99516

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\DFAF798699EE7D2494A7287D4CF123272A2A18BD

Filesize
1.1MB

MD5
9ed60744680f27426f4409dc9285b8b8

SHA1
52667df499d0b2dc9b7bbf28fbb422dda1a065b2

SHA256
b2a9026ae5162a502f09b6fd5369624eb61df5abfe5d17b93aa789f219f3e395

SHA512
8cc2397099b4e382b77629159d258165385a4dec0b0de609da633dfc163b072ecccb0bee012e6997f358239a57ac8d5bc6d7100b1292d7ef781af5f663b6ce9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\E47F6185E9AB287A92322D97719E3C4ED03B8D89

Filesize
98KB

MD5
e81f16bdfd5e52ea260f910eab857965

SHA1
2a0a955f522049a8f3d3e0680bcbe1b8293a3181

SHA256
12e67288974e61b322dd665c8c1a3638bb969bbe881dd3bc29e12cb25d016edc

SHA512
31b5043e32f8cb7ff26ecc6e47f61bcb543be54f0c6c05be061fc06601eeb667b36aa96ce9f953e79a7f56f0e221659e97e5fd41fca2bf002eb9eda364b7d140

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\E677F5D7DDE1BC0BBE7FF2E1DEFA77573D023F57

Filesize
234KB

MD5
f7945971c800d724d847e0182b65862a

SHA1
383d8757c6b57c5ce224c2ad8931b96b3ed614fd

SHA256
93b9892b865283cbf6ddc0d0241715c18477f108eded38a6d962b9d9dcc89881

SHA512
5d2860a76c668b5c3f0c5e013a57188897dc3c89553535c461046ed77d86ca2ff7af2eb728afd1eb6df3a8d5fb30aacf0bffe1a7222bcaf1afe1c3d0e584d502

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\F0EAF5000FD9C2A30FD2826A9F349C1386795C38

Filesize
70KB

MD5
18eaa7e972b7c91cb03516964f7d102f

SHA1
98f15a6803da1a61660b1d91151c42969d2e56ee

SHA256
406b07d5c06a819a4fd221ab7f372fb21ce07b14e59895ceaed3927677efea50

SHA512
a28f8c2fe5d7e0631638312c38b41bd3590aaf7d58d2f858678fe9cd923ce542f5f9fdb8502e077a6e168d6a57a311a521a1e87a8f26155c1184638df5ee106c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\attrs-24.2.0.dist-info\METADATA

Filesize
11KB

MD5
49cabcb5f8da14c72c8c3d00adb3c115

SHA1
f575becf993ecdf9c6e43190c1cb74d3556cf912

SHA256
dc9824e25afd635480a8073038b3cdfe6a56d3073a54e1a6fb21edd4bb0f207c

SHA512
923daeee0861611d230df263577b3c382ae26400ca5f1830ee309bd6737eed2ad934010d61cdd4796618bedb3436cd772d9429a5bed0a106ef7de60e114e505c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\attrs-24.2.0.dist-info\RECORD

Filesize
3KB

MD5
8037e693eafed6c3d0cce916babb50c4

SHA1
2321392aab7ae3a6a78248e5d5f454124d368ec1

SHA256
688073f6556808d9139fea52bec3802d8c0d7ce07978b98aae8db5c98facc0df

SHA512
95b9e6b8f946d2617098c338441afc5a555ff208947d5731e09ee17b959655161c397f57e14827a95a8fd4554de8c6e426dc316f858510ae4aa7ca8723c4cf51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\attrs-24.2.0.dist-info\WHEEL

Filesize
87B

MD5
52adfa0c417902ee8f0c3d1ca2372ac3

SHA1
b67635615eef7e869d74f4813b5dc576104825dd

SHA256
d7215d7625cc9af60aed0613aad44db57eba589d0ccfc3d8122114a0e514c516

SHA512
bfa87e7b0e76e544c2108ef40b9fac8c5ff4327ab8ede9feb2891bd5d38fea117bd9eebaf62f6c357b4deaddad5a5220e0b4a54078c8c2de34cb1dd5e00f2d62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\attrs-24.2.0.dist-info\licenses\LICENSE

Filesize
1KB

MD5
5e55731824cf9205cfabeab9a0600887

SHA1
243e9dd038d3d68c67d42c0c4ba80622c2a56246

SHA256
882115c95dfc2af1eeb6714f8ec6d5cbcabf667caff8729f42420da63f714e9f

SHA512
21b242bf6dcbafa16336d77a40e69685d7e64a43cc30e13e484c72a93cd4496a7276e18137dc601b6a8c3c193cb775db89853ecc6d6eb2956deee36826d5ebfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\cryptography-43.0.3.dist-info\METADATA

Filesize
5KB

MD5
c891cd93024af027647e6de89d0ffce2

SHA1
01d8d6f93f1b922a91c82d4711bcefb885ad47b0

SHA256
eb36e0e4251e8479ef36964440755ef22bedd411ba87a93f726fa8e5bb0e64b0

SHA512
3386fbb3dcf7383b2d427093624c531c50be34e3e0aa0984547b953e04776d0d431d5267827f4194a9b0ad1ab897869115623e802a6a1c5d2ae1ad82c96cce71

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\cryptography-43.0.3.dist-info\RECORD

Filesize
15KB

MD5
01123b16f8b6a298539243e0b73ce434

SHA1
dbf71311e9540325b8d60fae25576fd1cca912ff

SHA256
887833e03f8f5805ca3f7c25223f6740e9e924369b30750424c7487977815933

SHA512
e70f1c8a129ee7184445410223ae132f313f7e47aabda5b5deeacfb29a0bea38a324d7e0fcfe071f00a945ab143af876a405de01b3796d3f337e735e100e5e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\cryptography-43.0.3.dist-info\WHEEL

Filesize
94B

MD5
c869d30012a100adeb75860f3810c8c9

SHA1
42fd5cfa75566e8a9525e087a2018e8666ed22cb

SHA256
f3fe049eb2ef6e1cc7db6e181fc5b2a6807b1c59febe96f0affcc796bdd75012

SHA512
b29feaf6587601bbe0edad3df9a87bfc82bb2c13e91103699babd7e039f05558c0ac1ef7d904bcfaf85d791b96bc26fa9e39988dd83a1ce8ecca85029c5109f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\cryptography-43.0.3.dist-info\license_files\LICENSE

Filesize
197B

MD5
8c3617db4fb6fae01f1d253ab91511e4

SHA1
e442040c26cd76d1b946822caf29011a51f75d6d

SHA256
3e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb

SHA512
77a1919e380730bcce5b55d76fbffba2f95874254fad955bd2fe1de7fc0e4e25b5fdaab0feffd6f230fa5dc895f593cf8bfedf8fdc113efbd8e22fadab0b8998

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\cryptography-43.0.3.dist-info\license_files\LICENSE.APACHE

Filesize
11KB

MD5
4e168cce331e5c827d4c2b68a6200e1b

SHA1
de33ead2bee64352544ce0aa9e410c0c44fdf7d9

SHA256
aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe

SHA512
f451048e81a49fbfa11b49de16ff46c52a8e3042d1bcc3a50aaf7712b097bed9ae9aed9149c21476c2a1e12f1583d4810a6d36569e993fe1ad3879942e5b0d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\cryptography-43.0.3.dist-info\license_files\LICENSE.BSD

Filesize
1KB

MD5
5ae30ba4123bc4f2fa49aa0b0dce887b

SHA1
ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8

SHA256
602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb

SHA512
ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\cryptography\hazmat\bindings\_rust.pyd

Filesize
2.1MB

MD5
b3aded1526439f1938d4d976493ef600

SHA1
0138ae2ec0fae83f8644a06c0ead66d437be714d

SHA256
8cbf7c62f13d73236fdce5be0ef642f197d41b1c3a0f96094109e56b3a09099b

SHA512
5e146dc71578c97a95d3e25eabb5add6b84903d0a40035162f9b48f454c4648aa3ac531baffda36f5bd0ecf52903c6f7cec8b7fe503b21bf29c7bdf821a6dde3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_asyncio.pyd

Filesize
34KB

MD5
936e44a303a5957709434a0c6bf4532e

SHA1
e35f0b78f61797d9277741a1ee577b5fe7af3d62

SHA256
11f1062fafb4fbca92e3b2cef97ab66ec011142f5b0312e74815decd93be458b

SHA512
cebe905b718825c1841e9c0e83dfdac95d0ff50b116ab3b91b05ca21f86f1482f5b1e13988c969244c644d17bd378792ac4967caa721f0b0e858cd92859af154

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_bz2.pyd

Filesize
46KB

MD5
af3d45698d379c97a90cca9625bc5926

SHA1
0783866af330c1029253859574c369901969208e

SHA256
47af0730824f96865b5e20f8bba34b0d5f3a330087411adba71269312bf7ccec

SHA512
117e95d2ba0432f5ece882ad67a3fbf2e2cd251b4327a0d66b3fffd444e2d1813ddb568321bde1636b4180d19607db6103df145153e4ff84e9be601fd2dd5691

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_cffi_backend.cp311-win_amd64.pyd

Filesize
71KB

MD5
f5a0e3f73ad4002839a85ec9b5285cc0

SHA1
2657e49964491d8b0784ab6ae157c767cf809673

SHA256
34dff4546abf4cd9d1e605f215339e6816c3aa4ef3c6028afcf00cb6241dbccf

SHA512
81d683f45b6ea1b48d0e377779c9b87ddff5b8549f00ae375ebe617fbd00d0149639a2b5c1b42ea536bde786aea50025646311b3de243c48ed192014dcc9974b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_ctypes.pyd

Filesize
57KB

MD5
2346cf6a1ad336f3ee23c4ec3ff7871c

SHA1
e36b759c0b78d2def431aa11bcbb7d7cf02f1eea

SHA256
490a11d03dd3aeb05a410eb0d285e3da788e73b643ea9914fffd5a2c102dc1df

SHA512
7a92de4937b23952e2a31bb09a58b2ad81c06da23704e4b4f964eb42948adad1a1e57920c021283da1b7154e7ac19e46031ffee6b69a73acbc85d95ef45bf8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_decimal.pyd

Filesize
104KB

MD5
9b801838394e97e30c99dcf5f9fcc8fa

SHA1
33fb049b2f98bcb2f2cb9508be2408a6698243be

SHA256
15668e03f9c55f07184ec9c048a8569f7d7ebd9ea6dbef145f1f3b581f8623f3

SHA512
5f074c82f344ca43a07a59132fab59e3504e314a2f7673bfec906782b947daf8fe45a1b956f72502eae72f01369a3bb1fbb73b10dc605d43b889a6700bd98a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_hashlib.pyd

Filesize
33KB

MD5
7fd141630dfa2500f5bf4c61e2c2d034

SHA1
0f8d1dfae2cbce1ad714c93216f01bf7001aabda

SHA256
689f0ac1d44481688cd4ae90b6f801176a52ff4bb4170c62575ea58f44452e15

SHA512
c6b7b1aefb7280f38d63f4ab84a349ebb696ca7300b7a451e7a994baff7e0a83fb4488c43ed3160b94dec74e0d27417d68913056b3006c8c6da11e39681f512e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_lzma.pyd

Filesize
84KB

MD5
ab6a735ad62592c7c8ea0b06cb57317a

SHA1
e27a0506800b5bbc2b350e39899d260164af2cd1

SHA256
0ebdf15c1c6d59e49716dfb4601f0abe6383449c70db1a349c6ad486742144a8

SHA512
9a285593cd8cc29844688723d8907e55a9f8a3109f9538cc4140912cc973f495de32779a4cd4a48dc62d680fdf81a5797e4e9c33f236a803082dfc3c00d02060

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_multiprocessing.pyd

Filesize
25KB

MD5
241a977372d63b46b6ae4f7227579cc3

SHA1
21c8fa02217ec69c5cc9a1cc9edaa5de6f8d9f91

SHA256
04e56f1c6919f2987f205e9e3afa16d945eeaffa415c746104ccb7763c067f9c

SHA512
7aeaa94a5cd46d604370e430c72724b683e149af7e032c85708e33bfb94fb6a9ccc52c70bc701dfb94b4ae55d4e8acd8e394efb6cd81466fd9fa1a6addaa4ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_overlapped.pyd

Filesize
30KB

MD5
ef52dc3e7d12795745e23487026a5b5e

SHA1
6c9f488a9eaabdc6db11ed2c32231d518a8b8f42

SHA256
b1b56328df4b19cf04586303f693979536253078fc7017b4ac4ae6d730296b1f

SHA512
8b3c311bf4a54eaa21fa1db058037b274bd3b9e838e844537269f8e0102ad47ca7181e73bbb4f5269100cfe82499bb0787bc04943b02e36ea0ab26bfa8e65326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_queue.pyd

Filesize
24KB

MD5
71955beaf83aca364ed64285021781ca

SHA1
cac93d08f9085079fb32e6fc6d8e4fc8cd9115e6

SHA256
3df280391d7275e73aef70af228bb21c03434147ae9fe31e8c620ea151e08b30

SHA512
9b055a0273ace0f9b673e015a20c8867689090608fffaf85c54636f061cf595de1e6c9bfc2d8ea75fa4dd247b4af0493022f24d6a931b53e7f60009a85b45601

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_socket.pyd

Filesize
41KB

MD5
53dc1aa457a1e3b4f6c8baed19a6ca0a

SHA1
290a572e981cc5ce896dc52a53f112d9eaaefc39

SHA256
26200892f616f859e82c167701ab866b8291eabbe808dd18c434cc80ebeedf19

SHA512
460de92115288e0e95fd03837df775e5f34425784c18ab7e9ad0885511166371647a6f06d95ffa6c3437de69895d46cd4cddcda2841ccdb5ef268b1a857837e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_sqlite3.pyd

Filesize
54KB

MD5
1c5e0718dce15682d32185f1e1f8df7d

SHA1
f59662db717663ed1589328c5749bb8b44a0d053

SHA256
56f74ec6490b916c513b618635edaa22cb2374a92e5f79549c1e2b7c5c37f31d

SHA512
702f8348d2fe08ec10e0120129e64c12368c971ea52852cd0c7d26fd159f5b34bc808b9b318168aaa81366ed4944909e305d4e9727f0374d921eddb54ea22cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_ssl.pyd

Filesize
60KB

MD5
df5a6f6c547300a7c87005eb0fafcfa0

SHA1
c792342e964a1c8a776e5203f3eee7908e6cad09

SHA256
dea09b9750c26813130ca32db0b4455796e12a3d61bb52066d5a53302bcce0ce

SHA512
018a79871faa2cf6a1644e96f10750ddccccd56436720faf760808b1997940f9bcd2866a4533b903058ab608629ff8ed46fadb788e4a6714b19775d557dd69b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\_uuid.pyd

Filesize
21KB

MD5
cf378e1866edaa02db65a838f0e0ad8e

SHA1
cc66b98b3289a126fa4cf960d89cbbecff0f5aa8

SHA256
caabfac7123e70906fafe3a34d11c0c87c62695b2716a5f95b032bb54982744e

SHA512
cdb6fb5861fee4eeee49dd79ba164ef8538235b0b41e505dd59f1b5a79256390a4bb920ade9ff58abdc41c738ec6f316d387df4f588b673d8f324e5c1c32a9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\aiohttp\_helpers.cp311-win_amd64.pyd

Filesize
25KB

MD5
776def3706c3e369074a530471493fd6

SHA1
cb8198adbe64cf3d426a6a981761197f459216e8

SHA256
4597dfe94febac9702ed96817618974c062d96821501559d14e481a5280f4e60

SHA512
645ce66e53c9831bbc5f12bbe42af4d0449ec3094d4cbc369910bceccca2e3c97246d0df08e18c8719f3746dfcea92feb973531c21ff2933fdd00164f558e5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\aiohttp\_http_parser.cp311-win_amd64.pyd

Filesize
81KB

MD5
536aea60dfeff6367b66f57edfdc70a7

SHA1
646d8ab55da2834ebdd8fe43bcbf67948f4c3ff8

SHA256
f69b5228f191ea89c40665a741dca0b6af4d6206373009e01ac1c4be5f88ca06

SHA512
e687d79be3d3d0e2da0e89ac0b68bc7eede8be7b37c207154cb158e65189806d3d067eff620ce71ab829f76b0bef51a9027aa69bd8bf51cdc8aacb3ac6f2ae91

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\aiohttp\_http_writer.cp311-win_amd64.pyd

Filesize
24KB

MD5
65f3c0466e5a345963c5a7b8a52667b9

SHA1
4b26dd2464a4c141d209a328c19e1176859027b5

SHA256
bf30f10977d74084916df041d31c481e85e3614b05eab4b91f1304eb281ed822

SHA512
f6ab79c68425abff38c228bd5797cb7706cfd6670f61e316477926be4f40e815622c90932bee70de416a07907abe588ac603187ee17498a51c63614a69466907

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\aiohttp\_websocket.cp311-win_amd64.pyd

Filesize
20KB

MD5
fdd9f9a26bce67bc2c9dae16695ecd4e

SHA1
2ae4591a61d6843010e2039a235d2ee2ac34f691

SHA256
a2a748c70bd2567df51885c53a2785bede8c6850d3a913f5cd3fda9f67b59deb

SHA512
f82c26b9c07f3bf02e0bd954fa9fd64a5672efde6617f71eea7c6b7f83506f8fc8b040a00525b7ccdeb940f5975cdfbf8d2cf66bd1ccc71fdb17c5dbf3f77456

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\base_library.zip

Filesize
1.4MB

MD5
2a138e2ee499d3ba2fc4afaef93b7caa

SHA1
508c733341845e94fce7c24b901fc683108df2a8

SHA256
130e506ead01b91b60d6d56072c468aeb5457dd0f2ecd6ce17dfcbb7d51a1f8c

SHA512
1f61a0fda5676e8ed8d10dfee78267f6d785f9c131f5caf2dd984e18ca9e5866b7658ab7edb2ffd74920a40ffea5cd55c0419f5e9ee57a043105e729e10d820b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\frozenlist\_frozenlist.cp311-win_amd64.pyd

Filesize
36KB

MD5
c72aa0bc5047969106347bf999d7a1b5

SHA1
73e0bd61147858073ec77b463127078f84b0f529

SHA256
4b87ae4885e6d9e6cac4cb79ade5dadae1b52a0a6e3b8ca47749d74826b5ef4e

SHA512
74df686dcdc82460f4ea14971939762b99356fa90edebeb0343a15574a78de90f90eec62eeb0dee4ca8762ffceaaff3511d5ac13140953920396b95279ff55ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\libcrypto-1_1.dll

Filesize
1.1MB

MD5
571796599d616a0d12aa34be09242c22

SHA1
0e0004ab828966f0c8a67b2f10311bb89b6b74ac

SHA256
6242d2e13aef871c4b8cfd75fc0f8530e8dccfeaba8f1b66280e9345f52b833b

SHA512
7362a6c887600fafc1a45413823f006589bb95a76ac052b6c7022356a7a9a6e8cd3e76f59cecf152e189323791d9626a6fdb7a98bf3a5250d517b746c3e84e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\libffi-8.dll

Filesize
24KB

MD5
24ea21ebcc3bef497d2bd208e7986f88

SHA1
d936f79431517b9687ee54d837e9e4be7afc082d

SHA256
18c097ef19f3e502a025c1d63cfec73a4fa30c5482286f4000d40d4784a0070a

SHA512
1bdbeddd812ecc2cdfbbf3498b0a8ef551cc18ce73fc30eb40b415fab0cdd20b80057a25a33ca2f9247b08978838df3587a3caf6e1a8e108c5a9a4f67dd75a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\libssl-1_1.dll

Filesize
203KB

MD5
aabafc5d0e409123ae5e4523d9b3dee2

SHA1
4d0a1834ed4e4ceecb04206e203d916eb22e981b

SHA256
84e4c37fb28b6cf79e2386163fe6bb094a50c1e8825a4bcdb4cb216f4236d831

SHA512
163f29ad05e830367af3f2107e460a587f4710b8d9d909a01e04cd8cfee115d8f453515e089a727a6466ce0e2248a56f14815588f7df6d42fe1580e1b25369cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\multidict\_multidict.cp311-win_amd64.pyd

Filesize
20KB

MD5
9b2ec333ca4e6e06d5022bc06a7eaf73

SHA1
3de52a96781fedac21157d7096238f7ea132ccae

SHA256
2f14174dcd64887e8d9dbad4b0f5e015a7b526854a78ddb5897c981168dabec2

SHA512
31bf85ccf1e7ca8cf59de1eda8548438264e8dafc09bbbce607b9e6418469074e536c628abfddbe50377c1658e1fb70b6961aabd01afa9b85cb409949e0ba17e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\propcache\_helpers_c.cp311-win_amd64.pyd

Filesize
32KB

MD5
267a6106a6960220d2a6cf9ed0c71838

SHA1
f026f6701b9d5236279d28d855c9bcbc26d13f87

SHA256
b985a31be3ac914447b77bbbddf2a770482d0cc5c00176f9b66a0dcceeb3d448

SHA512
ad97b207bd85b4844234fcb17314f4fe5a6c552b3d32efabd6dcb7d72df62bfbebb70a9dd45b54859d2173bf605ee0dcc50bb4cbeb4233c63e1d173b258187be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\pyexpat.pyd

Filesize
86KB

MD5
c498ed10d7245560412f9df527508b5c

SHA1
b84b57a54a1a9c5631f4d0b8ac31694786cc822b

SHA256
297ec9e654500400ba5731101b65d29c14d0305ae9f6c05b9763f57ab150b07d

SHA512
ab8bcf6e4a395944316e19aa7aa598e8bfeaa038f4ae086fcede6d01747b670896d640dbf4992630fcbd737d2be3ab627b7be8ad36437629671387f4aaf85957

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\select.pyd

Filesize
24KB

MD5
0dc8f694b3e6a3682b3ff098bd2468f6

SHA1
737252620116c6ac5c527f99d3914e608a0e5a74

SHA256
818120c08358b6b4d1234b7456c7b5c777af8473e26314a6a6c0f37237d53208

SHA512
d0e704d52b0c5e24c07447a60d71ccec490ec15ecb6b4532b2e93ac07036bda7f27051f80dac1ef3705b0186f35f9d6dfc05415412e483b68fd79f1098411123

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\sqlite3.dll

Filesize
608KB

MD5
605b722497acc50ffb33ebdb6afaf1f0

SHA1
e24c55472c827d4b519e5b6f0a3cfc49e10d1fa9

SHA256
a61016520a3f228285e32e40d878fe449450136c55aa9d4d7b54006a8dc7f339

SHA512
9611afc66cd1236cea1fce94e8ecf8e4d2168db3b51d8d9a799b574e8523ca0aea48da6b6c15fc863dd737b9c394ac6e56d2f3fa45e29792b630da389cb21dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\unicodedata.pyd

Filesize
293KB

MD5
2b1809546e4bc9d67ea69d24f75edce0

SHA1
9d076445dfa2f58964a6a1fd1844f6fe82645952

SHA256
89cbb2814a75a5bd53acbfb1fe090ca8395c4a7f559acd4fe0187758c172623a

SHA512
5ae015add4697e8290eb881fa770bca2fa22ba8376b86b26f7880d4f92ad362e741042926a4c47cc3413c83f445e372ffda915bcf8567673d807bd2dac28fbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49842\yarl\_quoting_c.cp311-win_amd64.pyd

Filesize
41KB

MD5
ebe0ba985f1eaac2d6d25a8b20118ced

SHA1
46153526e4b354290263d430fa4b9ec0d761e39d

SHA256
3bb04a8baab1db7a76c66ced44d6b2dd7ba54ce4a2c48997429a4406fdc69451

SHA512
6b8a497102f27f30af27751405cf0216c1bc7969f42b8cb2a8fe6bc9f9a033a01a28b2a1df52916633b737028d35d16d4ce3bbd3c9bebb79d7722988bda547e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\attrs-24.2.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qwijpi1n.qak.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
8KB

MD5
69d6b86930a781c6f12b40c042a1dbc9

SHA1
8b5b70f7b1c90ba703650e4906fed526a2da3fd4

SHA256
571baa064b6e568af4a78fedb3fafdf7105106f7d252815d17fc5b86d2563063

SHA512
37667fa8064a9bae92ca65e788098d3d3b42789582dbc50086132cc6a307f8cd486cf60194e0f331fb2c0c27c989cc1ddae85e7e67b1b775c0670080eebcff3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
12KB

MD5
21a79cdc89c041bb01c0cc86e13189c1

SHA1
3f3782c49c2dda626aa151066eeec738fc80c92e

SHA256
c31f491317ad0e8aeb88649fd42f529493f4a9028246ffb370dbce35c3bb683b

SHA512
19d9673140100e9b3b251713fbd07acaaadf7eb33292c10505cd57f678d58f12934cc3a8fd464a1c17ba355bd9195bc0df55e64a1b9af3edbef61f1cf3a89e93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
b8e398053b70895c18ecf1e2d963c6a4

SHA1
335ce96852e967f24d6f18d1adfff7d3974c2a58

SHA256
8d70e367104aec247b5b770301f6b567e53e7eabbdb9008670f148852f184317

SHA512
0e2f9d17bc050be2a05aede89ef3f16b468aff193bb9501e152e7b98d87fada03767191bbb01f6086217db4cc83f7de35c9888003d183d12050509292ebfa0f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3ff356ee8b31369a1f7749e6ff36d460

SHA1
1d8a2d06f26d8d4bd8d59c8f86bc65da013b9397

SHA256
5dd7a8cd63bd9a423311e4ef444aea1836a514c13624ba0cb606951c5aca1dcf

SHA512
c8e920e0dd930906067640bb14ad5041c4f21872f7cf1895e82005f16794fc24d2e4600d81061be5b51acde19f1a5d77e720a7b7050f82487222e1a316aa927e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
964bdf9ffd0194c14c57adb7458329c1

SHA1
849cfbe176cc3c63cdd2a579188a06b38a9e605f

SHA256
5843922a1e3d32c1f08235e63dc21c49f1f9677a4eb7972b70c6f80c573a1b9b

SHA512
d40b69f2eb907f687fa0c4b069f0f3ef8dac9dc5d4907420224b47e2f37e4d396c4cd7028858d7c1cfc46716bee4d596416e1f0a8aec4489dcc8e28334beea5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
ca2f1bed5efa9fe7069adff09ca7b333

SHA1
141618530f4f8973fa3e3701d9bfabf1c5ae5485

SHA256
d90774124fe8dcbe514f57afd569669e54ec499a125cd18ed48724dd25570ae7

SHA512
1b69200a7607a846a4161de244a5c1b6e2a625d90a767181f49708116e8e1c6ae762698b17c9c4414a81bfbaef7eea07bc4b78e564780c9076fc1e6992e64f00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\05146957-052c-40e4-8e6d-ba3de7b0b458

Filesize
982B

MD5
ea01ab57c0cf8a35fffa2992c04908f9

SHA1
6ed91a37b2eecccef9ba01fddee17776fa791f36

SHA256
78179a59bc5271aa1814f813b362e6ea2ab6a9eab0327abf06d3383cdf828148

SHA512
7590e04aa15c829f362c9a0be30591329d3667064ef74e40c486f18e2c74a8fbf144bf5db83b8980fcfdb51153febae93fe042ec803e20dc48ba33d376815b0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\635b9798-e2f8-424c-a4a6-8d1fc33f4f0d

Filesize
25KB

MD5
20c03b25e383ee19b3521c8de329d672

SHA1
026f8382b46cdb64d211a7d6cac14aa1df44675d

SHA256
c224409213e96de4bc4b16483c6ea97dfe8f261f0322eb96290787fc69470c91

SHA512
631c61b5b5048b45859e642857a9aa6cc074df7baa6b45fa2bc8dca2482a47def047ea626ffe5a9dcb6bbc618dcc4df3d5e1b24806764d238f84f357960d24ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\e5229f7f-95c7-41a0-bb0c-ef31a6dca861

Filesize
671B

MD5
c08c0e2df17b744381030a08556838ec

SHA1
9539344190c9c3766cc2e83baf819ffad27a8b98

SHA256
0262c9716a494d265cd32508755afd2c6b117e9a9d71649c6904c7002161fa0a

SHA512
c2767ec21fca4b7162f61c5268150da6d1d81b8bf95803a52b8290eecec9a2c89164fc864618fe173afd89ffc0ebc0479ca57ddff0155223709c32df90558011

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
10KB

MD5
48f8242aee1a9bad13ec13043910ce0c

SHA1
9759cf985e0e10ebf03e1a1cb772230014f922f3

SHA256
e5e124a2d32bb2f75256c8ed1bec6fea938044e4a0d72df0674fb1bcb36e5598

SHA512
c56bbebbfe6a096646a7224854bfc18279de16c0b77a9fc7e855d6ed359c7a795c0f9e13dbc925b8f637cbe9c45b1809c5c7f25c6d6dc23625ac3991486a3041

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
c3b0ada99a0aaaa4f3b1f80f6e6f549b

SHA1
be0d6792efd2ee0ad01f7f2d673b803577497cf9

SHA256
f5044dfce12650cf2e4eb85ad65c0d9fe7eb8c5464fe775fcc85362713ffcdeb

SHA512
99fc5d1023cd994f7dd6c77858f9eb1acd4c911e094ce849861727a8a186d83453bcbbd3a775b9476cb47c26f7f7e7fe9a4b0f78707afede44cc04a7c843de0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
2a2d1ded09fe620845cf7560b52105d6

SHA1
85e5db297025265b242db307094ed1045716b877

SHA256
bf7d21c7c35cecd048df34d74c2d3d4b8ce033e551e02f26134015242b5f0ae0

SHA512
df8bbe508325f4c78f3ed8e8bf8eaec747b19d4bf8d30061e868d9b53bab477d14d164a2f82ef806fed08ba3accbc25d1d22c200f97957618f6bbfbbaf574063

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
fe953b350ba5fe14603872a842b6859c

SHA1
d32366e7f1ad25fbf340577406d8e7a34aca2810

SHA256
dba19225f245550e5282ddbcdcff23ad4416e7fe447fe3ad86c25fd58e850173

SHA512
c66eaecbd485a8d596dba2173a9bb4612708950ad139d28053f4b810e017c81042d96734726d934485d3e40f1717b779b8a91355e9cf15ee5074e14a40287333

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
38d94052d33c7499bf3dfc9613863edd

SHA1
0a22bb1435d8c55c5d781ddfd4540946b46686fe

SHA256
a0d43668984945f8fc2082f1e9c6462b6c7cbac5cf8e69ba6061dd7611a7b3ef

SHA512
340385c2eccc7130744be1949fc5deeda84c17cc56b6f453f154b397953998678edce4a93801816c8eb475daec17bd23ece03183cb499aad0f84a0f26388dd86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
d545a217818e78603d10a0a422649021

SHA1
834cafc804e3666168d2adf199c4824c0b87c505

SHA256
71d02d9b2a26a09d40588c12cfc914105651b5c4adad6db57c83632a2b147763

SHA512
fb86aa19992cb60213c16194a835f0e579eab72de658a75023e12774f4ea410fea655c629655679533c8f361b89a82dbfac73f0b0490b0c2eb229519ac20a56c

Download Submit
memory/3248-3596-0x00007FFBF81C0000-0x00007FFBF8333000-memory.dmp

Filesize
1.4MB

Download
memory/3248-3580-0x00007FFBF8B90000-0x00007FFBF9178000-memory.dmp

Filesize
5.9MB

Download
memory/3248-3587-0x00007FFC0A9E0000-0x00007FFC0A9EF000-memory.dmp

Filesize
60KB

Download
memory/3248-3589-0x00007FFBFAB70000-0x00007FFBFAB94000-memory.dmp

Filesize
144KB

Download
memory/3248-3590-0x00007FFBFAB50000-0x00007FFBFAB69000-memory.dmp

Filesize
100KB

Download
memory/3248-3592-0x00007FFC0A8F0000-0x00007FFC0A8FD000-memory.dmp

Filesize
52KB

Download
memory/3248-3595-0x00007FFBF8340000-0x00007FFBF8363000-memory.dmp

Filesize
140KB

Download
memory/3248-3594-0x00007FFBF8370000-0x00007FFBF839D000-memory.dmp

Filesize
180KB

Download
memory/3248-3593-0x00007FFBF83A0000-0x00007FFBF83B9000-memory.dmp

Filesize
100KB

Download
memory/3660-3515-0x00007FFC10930000-0x00007FFC1093F000-memory.dmp

Filesize
60KB

Download
memory/3660-3585-0x00007FFBFAC40000-0x00007FFBFAC51000-memory.dmp

Filesize
68KB

Download
memory/3660-3582-0x00007FFBF8400000-0x00007FFBF8B8A000-memory.dmp

Filesize
7.5MB

Download
memory/3660-3584-0x00007FFBFAE40000-0x00007FFBFAE8D000-memory.dmp

Filesize
308KB

Download
memory/3660-3588-0x00007FFBFB3E0000-0x00007FFBFB3F5000-memory.dmp

Filesize
84KB

Download
memory/3660-3591-0x00007FFBF83C0000-0x00007FFBF83F7000-memory.dmp

Filesize
220KB

Download
memory/3660-3597-0x00007FFBF9500000-0x00007FFBF9AE8000-memory.dmp

Filesize
5.9MB

Download
memory/3660-3598-0x00007FFC0A010000-0x00007FFC0A034000-memory.dmp

Filesize
144KB

Download
memory/3660-3599-0x00007FFC10930000-0x00007FFC1093F000-memory.dmp

Filesize
60KB

Download
memory/3660-3600-0x00007FFC07A30000-0x00007FFC07A49000-memory.dmp

Filesize
100KB

Download
memory/3660-3601-0x00007FFC0E410000-0x00007FFC0E41D000-memory.dmp

Filesize
52KB

Download
memory/3660-3602-0x00007FFC07A10000-0x00007FFC07A29000-memory.dmp

Filesize
100KB

Download
memory/3660-3603-0x00007FFC05A30000-0x00007FFC05A5D000-memory.dmp

Filesize
180KB

Download
memory/3660-3604-0x00007FFC04EE0000-0x00007FFC04F03000-memory.dmp

Filesize
140KB

Download
memory/3660-3586-0x00007FFC0AB40000-0x00007FFC0AB4A000-memory.dmp

Filesize
40KB

Download
memory/3660-3583-0x00007FFBF9180000-0x00007FFBF94F5000-memory.dmp

Filesize
3.5MB

Download
memory/3660-3581-0x00007FFBFAC00000-0x00007FFBFAC1E000-memory.dmp

Filesize
120KB

Download
memory/3660-3578-0x000002B52FAD0000-0x000002B52FE45000-memory.dmp

Filesize
3.5MB

Download
memory/3660-3579-0x00007FFBFAE90000-0x00007FFBFAEA9000-memory.dmp

Filesize
100KB

Download
memory/3660-3577-0x00007FFBFAF80000-0x00007FFBFB038000-memory.dmp

Filesize
736KB

Download
memory/3660-3576-0x00007FFBFAEB0000-0x00007FFBFAEC6000-memory.dmp

Filesize
88KB

Download
memory/3660-3575-0x00007FFC04EB0000-0x00007FFC04EDE000-memory.dmp

Filesize
184KB

Download
memory/3660-3517-0x00007FFC07A30000-0x00007FFC07A49000-memory.dmp

Filesize
100KB

Download
memory/3660-3519-0x00007FFC0E410000-0x00007FFC0E41D000-memory.dmp

Filesize
52KB

Download
memory/3660-3500-0x00007FFBF9500000-0x00007FFBF9AE8000-memory.dmp

Filesize
5.9MB

Download
memory/3660-3501-0x00007FFC0A010000-0x00007FFC0A034000-memory.dmp

Filesize
144KB

Download
memory/3660-3502-0x00007FFC10930000-0x00007FFC1093F000-memory.dmp

Filesize
60KB

Download
memory/3660-3503-0x00007FFC07A30000-0x00007FFC07A49000-memory.dmp

Filesize
100KB

Download
memory/3660-3504-0x00007FFC0E410000-0x00007FFC0E41D000-memory.dmp

Filesize
52KB

Download
memory/3660-3505-0x00007FFC07A10000-0x00007FFC07A29000-memory.dmp

Filesize
100KB

Download
memory/3660-3506-0x00007FFC05A30000-0x00007FFC05A5D000-memory.dmp

Filesize
180KB

Download
memory/3660-3507-0x00007FFC04EE0000-0x00007FFC04F03000-memory.dmp

Filesize
140KB

Download
memory/3660-3508-0x00007FFBFB040000-0x00007FFBFB1B3000-memory.dmp

Filesize
1.4MB

Download
memory/3660-3509-0x00007FFC04EB0000-0x00007FFC04EDE000-memory.dmp

Filesize
184KB

Download
memory/3660-3510-0x00007FFBF9500000-0x00007FFBF9AE8000-memory.dmp

Filesize
5.9MB

Download
memory/3660-3512-0x000002B52FAD0000-0x000002B52FE45000-memory.dmp

Filesize
3.5MB

Download
memory/3660-3513-0x00007FFBF9180000-0x00007FFBF94F5000-memory.dmp

Filesize
3.5MB

Download
memory/3660-3514-0x00007FFC0A010000-0x00007FFC0A034000-memory.dmp

Filesize
144KB

Download
memory/3660-3511-0x00007FFBFAF80000-0x00007FFBFB038000-memory.dmp

Filesize
736KB

Download
memory/3660-3516-0x00007FFBFB3E0000-0x00007FFBFB3F5000-memory.dmp

Filesize
84KB

Download
memory/3660-3518-0x00007FFBFAF60000-0x00007FFBFAF72000-memory.dmp

Filesize
72KB

Download
memory/3660-3524-0x00007FFBFAEF0000-0x00007FFBFAF12000-memory.dmp

Filesize
136KB

Download
memory/3660-3528-0x00007FFBFAED0000-0x00007FFBFAEEB000-memory.dmp

Filesize
108KB

Download
memory/3660-3527-0x00007FFBFB040000-0x00007FFBFB1B3000-memory.dmp

Filesize
1.4MB

Download
memory/3660-3526-0x00007FFBFAC60000-0x00007FFBFAD7C000-memory.dmp

Filesize
1.1MB

Download
memory/3660-3525-0x00007FFC04EE0000-0x00007FFC04F03000-memory.dmp

Filesize
140KB

Download
memory/3660-3523-0x00007FFC05A30000-0x00007FFC05A5D000-memory.dmp

Filesize
180KB

Download
memory/3660-3522-0x00007FFC07A10000-0x00007FFC07A29000-memory.dmp

Filesize
100KB

Download
memory/3660-3521-0x00007FFBFAF20000-0x00007FFBFAF34000-memory.dmp

Filesize
80KB

Download
memory/3660-3520-0x00007FFBFAF40000-0x00007FFBFAF54000-memory.dmp

Filesize
80KB

Download
memory/4236-3379-0x000001FCF7340000-0x000001FCF7362000-memory.dmp

Filesize
136KB

Download
memory/4420-3322-0x00007FFBF71A0000-0x00007FFBF72BC000-memory.dmp

Filesize
1.1MB

Download
memory/4420-3396-0x00007FFBF77B0000-0x00007FFBF77DE000-memory.dmp

Filesize
184KB

Download
memory/4420-3247-0x00007FFBFA140000-0x00007FFBFA159000-memory.dmp

Filesize
100KB

Download
memory/4420-3415-0x00007FFBF6920000-0x00007FFBF70AA000-memory.dmp

Filesize
7.5MB

Download
memory/4420-3388-0x00007FFBFB3B0000-0x00007FFBFB3D4000-memory.dmp

Filesize
144KB

Download
memory/4420-3395-0x00007FFBF77E0000-0x00007FFBF7953000-memory.dmp

Filesize
1.4MB

Download
memory/4420-3217-0x00007FFBFB3B0000-0x00007FFBFB3D4000-memory.dmp

Filesize
144KB

Download
memory/4420-3397-0x00007FFBF76F0000-0x00007FFBF77A8000-memory.dmp

Filesize
736KB

Download
memory/4420-3398-0x00007FFBF7370000-0x00007FFBF76E5000-memory.dmp

Filesize
3.5MB

Download
memory/4420-3399-0x00007FFBF7350000-0x00007FFBF7365000-memory.dmp

Filesize
84KB

Download
memory/4420-3400-0x00007FFBF7330000-0x00007FFBF7342000-memory.dmp

Filesize
72KB

Download
memory/4420-3251-0x00007FFBF7990000-0x00007FFBF79BD000-memory.dmp

Filesize
180KB

Download
memory/4420-3252-0x00007FFBF7960000-0x00007FFBF7983000-memory.dmp

Filesize
140KB

Download
memory/4420-3407-0x00007FFBF7140000-0x00007FFBF7159000-memory.dmp

Filesize
100KB

Download
memory/4420-3408-0x00007FFBF70F0000-0x00007FFBF713D000-memory.dmp

Filesize
308KB

Download
memory/4420-3387-0x00007FFBF79C0000-0x00007FFBF7FA8000-memory.dmp

Filesize
5.9MB

Download
memory/4420-3413-0x00007FFBF68E0000-0x00007FFBF6917000-memory.dmp

Filesize
220KB

Download
memory/4420-3436-0x00007FFBF7350000-0x00007FFBF7365000-memory.dmp

Filesize
84KB

Download
memory/4420-3243-0x00007FFC04FC0000-0x00007FFC04FD9000-memory.dmp

Filesize
100KB

Download
memory/4420-3319-0x00007FFBF72C0000-0x00007FFBF72E2000-memory.dmp

Filesize
136KB

Download
memory/4420-3367-0x00007FFBF70F0000-0x00007FFBF713D000-memory.dmp

Filesize
308KB

Download
memory/4420-3253-0x00007FFBF77E0000-0x00007FFBF7953000-memory.dmp

Filesize
1.4MB

Download
memory/4420-3255-0x00007FFBF77B0000-0x00007FFBF77DE000-memory.dmp

Filesize
184KB

Download
memory/4420-3259-0x00007FFBF76F0000-0x00007FFBF77A8000-memory.dmp

Filesize
736KB

Download
memory/4420-3324-0x00007FFBF7160000-0x00007FFBF7176000-memory.dmp

Filesize
88KB

Download
memory/4420-3260-0x000002A609AD0000-0x000002A609E45000-memory.dmp

Filesize
3.5MB

Download
memory/4420-3261-0x00007FFBF79C0000-0x00007FFBF7FA8000-memory.dmp

Filesize
5.9MB

Download
memory/4420-3424-0x00007FFBF79C0000-0x00007FFBF7FA8000-memory.dmp

Filesize
5.9MB

Download
memory/4420-3264-0x00007FFBFB3B0000-0x00007FFBFB3D4000-memory.dmp

Filesize
144KB

Download
memory/4420-3245-0x00007FFC10920000-0x00007FFC1092D000-memory.dmp

Filesize
52KB

Download
memory/4420-3368-0x00007FFC13FD0000-0x00007FFC13FDD000-memory.dmp

Filesize
52KB

Download
memory/4420-3234-0x00007FFC11F30000-0x00007FFC11F3F000-memory.dmp

Filesize
60KB

Download
memory/4420-3265-0x00007FFBF7350000-0x00007FFBF7365000-memory.dmp

Filesize
84KB

Download
memory/4420-3269-0x00007FFBF7330000-0x00007FFBF7342000-memory.dmp

Filesize
72KB

Download
memory/4420-3270-0x00007FFBF7310000-0x00007FFBF7324000-memory.dmp

Filesize
80KB

Download
memory/4420-3271-0x00007FFC04FC0000-0x00007FFC04FD9000-memory.dmp

Filesize
100KB

Download
memory/4420-3274-0x00007FFBF72F0000-0x00007FFBF7304000-memory.dmp

Filesize
80KB

Download
memory/4420-3276-0x00007FFBF72C0000-0x00007FFBF72E2000-memory.dmp

Filesize
136KB

Download
memory/4420-3278-0x00007FFBF7960000-0x00007FFBF7983000-memory.dmp

Filesize
140KB

Download
memory/4420-3279-0x00007FFBF77E0000-0x00007FFBF7953000-memory.dmp

Filesize
1.4MB

Download
memory/4420-3280-0x00007FFBF71A0000-0x00007FFBF72BC000-memory.dmp

Filesize
1.1MB

Download
memory/4420-3287-0x00007FFBF77B0000-0x00007FFBF77DE000-memory.dmp

Filesize
184KB

Download
memory/4420-3292-0x00007FFBF76F0000-0x00007FFBF77A8000-memory.dmp

Filesize
736KB

Download
memory/4420-3294-0x00007FFBF7160000-0x00007FFBF7176000-memory.dmp

Filesize
88KB

Download
memory/4420-3295-0x00007FFBF7140000-0x00007FFBF7159000-memory.dmp

Filesize
100KB

Download
memory/4420-3297-0x000002A609AD0000-0x000002A609E45000-memory.dmp

Filesize
3.5MB

Download
memory/4420-3298-0x00007FFBF70F0000-0x00007FFBF713D000-memory.dmp

Filesize
308KB

Download
memory/4420-3299-0x00007FFBF70D0000-0x00007FFBF70E1000-memory.dmp

Filesize
68KB

Download
memory/4420-3301-0x00007FFBF7370000-0x00007FFBF76E5000-memory.dmp

Filesize
3.5MB

Download
memory/4420-3302-0x00007FFC0B1F0000-0x00007FFC0B1FA000-memory.dmp

Filesize
40KB

Download
memory/4420-3303-0x00007FFBF70B0000-0x00007FFBF70CE000-memory.dmp

Filesize
120KB

Download
memory/4420-3306-0x00007FFBF68E0000-0x00007FFBF6917000-memory.dmp

Filesize
220KB

Download
memory/4420-3305-0x00007FFBF6920000-0x00007FFBF70AA000-memory.dmp

Filesize
7.5MB

Download
memory/4420-3304-0x00007FFBF7350000-0x00007FFBF7365000-memory.dmp

Filesize
84KB

Download
memory/4420-3283-0x00007FFBF7180000-0x00007FFBF719B000-memory.dmp

Filesize
108KB

Download
memory/4420-3262-0x00007FFBF7370000-0x00007FFBF76E5000-memory.dmp

Filesize
3.5MB

Download
memory/4420-3210-0x00007FFBF79C0000-0x00007FFBF7FA8000-memory.dmp

Filesize
5.9MB

Download