hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

17-01-2025 00:09

250117-afkm7swnek 10

17-01-2025 00:03

250117-acf6lsvqbw 8

17-01-2025 00:00

250117-aae6javpes 10

Analysis

max time kernel
299s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
5576	MeltingScreen.exe
3164	MeltingScreen.exe
4348	MeltingScreen (1).exe
5452	NakedWife.exe
3748	WinNuke.98.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
75	raw.githubusercontent.com
76	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MeltingScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MeltingScreen (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NakedWife.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	firefox.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 566801.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 535868.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\NakedWife.exe\:SmartScreen:$DATA	NakedWife.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 409013.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 757619.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 202239.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 705918.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4352	msedge.exe
4352	msedge.exe
1044	msedge.exe
1044	msedge.exe
360	identity_helper.exe
360	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5516	msedge.exe
5516	msedge.exe
5516	msedge.exe
5516	msedge.exe
5716	msedge.exe
5716	msedge.exe
1268	msedge.exe
1268	msedge.exe
5492	msedge.exe
5492	msedge.exe
820	msedge.exe
820	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4028	OpenWith.exe
5564	OpenWith.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4692	firefox.exe
Token: SeDebugPrivilege	4692	firefox.exe
Token: SeDebugPrivilege	4692	firefox.exe
Token: SeDebugPrivilege	4692	firefox.exe
Token: SeDebugPrivilege	4692	firefox.exe
Token: SeDebugPrivilege	4692	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4028	OpenWith.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 3940	1044	msedge.exe	82
PID 1044 wrote to memory of 3940	1044	msedge.exe	82
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4888	1044	msedge.exe	83
PID 1044 wrote to memory of 4352	1044	msedge.exe	84
PID 1044 wrote to memory of 4352	1044	msedge.exe	84
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85
PID 1044 wrote to memory of 4016	1044	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff911c046f8,0x7ff911c04708,0x7ff911c04718
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5716
- C:\Users\Admin\Downloads\MeltingScreen.exe
  "C:\Users\Admin\Downloads\MeltingScreen.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5576
- C:\Users\Admin\Downloads\MeltingScreen.exe
  "C:\Users\Admin\Downloads\MeltingScreen.exe"
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Users\Admin\Downloads\MeltingScreen (1).exe
  "C:\Users\Admin\Downloads\MeltingScreen (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1272 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5492
- C:\Users\Admin\Downloads\NakedWife.exe
  "C:\Users\Admin\Downloads\NakedWife.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:820
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1030799877113684784,7366878736550367037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4028
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6"
  2⤵
  PID:4372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4692
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df4bfce5-829c-4e2b-bb5c-d998db431214} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" gpu
      4⤵
      PID:1384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c36e1c-5156-4376-8ab0-07ea6fa132bd} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" socket
      4⤵
      PID:2932
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3356 -prefMapHandle 3352 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {649129c3-4a46-4ac6-a8bf-97027e645c9f} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
      4⤵
      PID:2092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3532 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {918b00f9-c99a-4620-b725-1914e2624b4c} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
      4⤵
      PID:2232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4908 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5040 -prefMapHandle 5032 -prefsLen 32730 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4c3eb2-6b61-46eb-9835-95896d070f88} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" utility
      4⤵
      Checks processor information in registry
      PID:5392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5284 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3f784c3-57e8-4cb5-ab87-58917561c146} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
      4⤵
      PID:5200
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5532 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d539e423-627b-4577-9bb6-85b5311b8182} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
      4⤵
      PID:5156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 5 -isForBrowser -prefsHandle 5644 -prefMapHandle 5652 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8016b6b-367d-4622-819f-8d365b256685} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
      4⤵
      PID:5384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5564
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6(1)"
  2⤵
  PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6(1)
    3⤵
    - Checks processor information in registry
    PID:6128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50510e3a-2a8f-45b2-9a17-cffc5ff4f6b5.tmp

Filesize
1KB

MD5
06747e5defa26c0e91461c9098e00029

SHA1
4ba3c682c136be4f0d1b2de634e2e33e228ef29c

SHA256
86d7547b19a251cf42e9ee138a0c1a225b411a064f61c5869227da15714e7576

SHA512
8b65f7b34dd9e1b2bbe0d6f101a67bf63d5c5ae84903b9af17420da9a54b3a7e31bfe33adea6b0cc10754a8e15199011d7bc18e3bc0a49c1576d3d05a74c8ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
54dc850843b3cd16a5ee0c83496fb08f

SHA1
f2e3a1c05e07b55a8fad19518288de1959dfc887

SHA256
dce382b5aca9bfec38db59f58f074b7b28d529c1956f26d64bdc4d5179b75a5f

SHA512
0c46497e29e2070d56735a939d94756ca75a044877384dda75d1df0ae721cc1a400ea307544567716d5a816d9d73a0c80ee1de25bdff9c55ef4a85c361d1f032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b771382f966365ddc01edd43cd9e4c96

SHA1
fb7819f131297f6e130066eae79523ff0432a347

SHA256
da718a7dfc254c26b0697c37da17143479af255c9d25a156c347b3c363599d2d

SHA512
f181259902bd8f20712b9f358dbc897d5acd8a5741186c4ebfd39163c0dfe2c8523aece956414e9650bdfd1fe7f93c2b3005d1601458cab7a88ac8dcbc463304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
be85a012866f82533b134a3e7c03581c

SHA1
8f361377763dc0f643a3c2746149ca5850c5d8c0

SHA256
7c0534066657219aeecf9763515dbb8eeb5b0cc4509d25ed75d5347476f443a0

SHA512
38aa3dc3c36a5319162d52fb0bdb7588dfa9fada5247c49ee53d870b7d928ea5be1387e176e8caf3dd6cad9b6975d432eae587c0103f8dffc56f17ef887ae621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5507da24b65d62c34889143a0ff4cc72

SHA1
a7a1888419658111e52eb6eb2ea36f547e3a1afd

SHA256
eb7845e5f7b3547f48e580c30e0c4e0e1819a277129e7795687a0cea719efe67

SHA512
e1c29ecf1eca1b7e79e432f9f0812e94b3a7df94581eeca0adce92240f09aa46a16b0021527eec32e8e31df9212415e4895150cfd60ee829554bb0cde6ab4b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d6ec64d20b9f944b488587cb6be3b89

SHA1
91e10e96ac43777fe27ee1afbf641d04416159e9

SHA256
5e6af40c581230d0bcc775d42992064abda25814fee6b761818f29dc586b8b96

SHA512
ead6ca061eee60f9e5a4d9ba980f075964c6c13dc373fbc4244d52a2cb20eef648233b8d989e62a7870963364c36806a50a56324ffdf30d4ff66b69e48220532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec72cea85adbfd10e2c2e938e0945204

SHA1
de6a96945c3bacd3c73331548c478cdff2a86de2

SHA256
bc94df640fb9e41eb583bb3d5f74706a7879989934cf11d166eaf497b60f0e7f

SHA512
1522e1baed5480802952e54170a1397f05ccb2f8f01e2f1fef76e2048d0714abf9b5ce737fa5bb4c4b760d4361a86742e120528e9beea893f9cfd75a00a0924d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18d1ee9b61dc8f1a5e0160e710444193

SHA1
d24fc754b5f259a0ff002d2256c1083bf31ac01f

SHA256
c8a975af0bf13cb52e5aa54a9756c2e4620d0818df99d28526c987788cf38bf1

SHA512
bd45b0972e523e0621f957c3c28307e8ae0c1f2181cfb5e22db8feefb7482d2ddc677d82bed81786dc3c88f4d2889f328ecb70e6003ce68ca63f819f3e510861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
999802a546b326592f6c598bf04fc923

SHA1
6aada141317be630dd4e017a71020ead08e42700

SHA256
50285cd21ff3173402f06a4b7805c85f1621a7d3fc6341f9002129bd0cca597f

SHA512
d82b0353a179c0e22c87831988ac5b3777a2216ee7a783353bb39fed55126aa435ead8c03829131375baf22eebef2e249736104e59577ac557e60424b6051043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
049f1dced47278baf6414c6fac158fab

SHA1
f6bf37f323f307f0f2226fae453871c2a6fcabdb

SHA256
286a97730ba695b05c41fb81afeef1fad4356f1de8a5d2519eba7e5ad354e111

SHA512
cac050567f4ad9b909e8a92da3c4787b91bb98a43d48f1337fdc3bfae66fc2c05348143101f6f8911673354a3c8e741a4db089be5dce3c7e4dc058252bcf4a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98b91aeeed1a27b6b451a2f99be8f38e

SHA1
886dcd923443daefc29d275c14d54e1f98e8e8bd

SHA256
8149315fac0e29301bdb53365c53db125f3d24316d5a2da2ab2c50d7ee55c861

SHA512
913791746cf68cd2327f68aee48977734b5d56c9b24763f46f1ebfc27af911e436fcacdfd3b861d76156b030b15d42f65e9b809ad010bfa11e3f17c1f996e601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
572f4709ac002d9d8b2bae42425892fd

SHA1
75c8e92a7e23c8f67813445a1864db36e003da3b

SHA256
6edcdf9cb1b7f957adbe0670c82787280ce4d46b5a6b43d0d4d24c3a2ccbc208

SHA512
2cc25199d498828cf72254615556864ae4b83c60bc1a7414ad73ddd41ca58d7c006adea3dc3dcc47993b1325b91c39392afae5a72f05577dd161d7a74888d2f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0ba5bf4e5f246940ec9e7abc1b7082d

SHA1
f8f0f2756c0b917d590aa328641a0e5faa543448

SHA256
b1e7fdf6914d7f9134818e27470c92b41e65656742b78683adc6680de942da03

SHA512
caeb02010420e42dc087232881e4adb6650e9e53e27fae418754c165131e3308d283f59ce7900d7cbc5de866eb129e4c3182e9edde0833c261d20a2950a7b8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
559384bf68b6ee5567165ea705a2da0b

SHA1
d7f0555e8e8ee075f1cd6d7d70a550ff700c1eb3

SHA256
3ad1fb841b992b26d6f1935cbe4aadac4bbb4f36ee5fbc1d1fcda2da599a49c5

SHA512
943065d13b55e4f7a126fd06f95907546253cc3eff9a56b8b5e6780fec0e09c62e6dd5fb2e1ba7f8d28531ed7392fb06bba86b5aac82feb81ea0108dafd41f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
800828af519fda3ccb63f904256cc5f6

SHA1
3d4b54dfe18c5f1aa75c101f8037776c29753bf1

SHA256
4c1887877abc35f0ae678a6bfe1344853a00333868ec7f2a86705cb432e3fd70

SHA512
449e8dacc69cc4b574e99285c4514697de426c7447ad615e1f7e690c3f4dde3c939ef8a2843c51fed7c1111a39d13d43e789c0ca1b0fe255d31011c83bfe4272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
554bf2d146da31fc562d89e7b68e35bc

SHA1
0d47faa1c170030ddf7554874ea687f4e45495f6

SHA256
3ca84e1a5ae6687c7e6a5943d953d69dcd63f2121d7204af4ae4716a9b8ea5bb

SHA512
98ed8267028c6a643a42e47bb0f6654f37503a86a2d8aac6ad73a4f7358a20ec3ace023e5e20c73518b9b696c5ea83fcf1b1b86399e05ecaa05cb2d8a4bdd4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
dcf6cbc9d69b937e4612e9b4e4594be5

SHA1
7012811c74a953f38fefd5befa96d22af7052751

SHA256
12fcb8273231cb802191ae541e89ef819cd89fdbf19bfd31e8a03bf76f34cdfd

SHA512
1df385206dfd32f69ca3aa3ec1dfeb5e965fcc42a9ed10bff788c12601e9a30f66a28f5439bb334c8256ba6839cbfcdec208f90fbe67b84aa7721a54685d4c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3703107b0cecfaa6071d0a36ef8a52bd

SHA1
3b5caff52c54d25d34f8768c8115f4ac59ed90ab

SHA256
d22bbabe5e63238d56cef6162ce755e0f51a45b4b0ce59b65b10243f4089b470

SHA512
5ca282ff14fd0f70e60f4581a4a3e5ac024b6de0cfeeb649ebef0c0163632cc77205373b880a050ebad23b6a0daa566b838c9128f180f0f88fe80ae9c3f8631b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
079d446fcb3e24a149ff513eb398e20e

SHA1
e96d6f504af464ec66c6a22afb9a20c2466dcdd4

SHA256
ac1f4088365492b21da4f0cbca411e056ef2a8a9884fe369046252b0f1d7d153

SHA512
48c6ba7b67e07826354aff7bf8eb3e5f0e18c93b713e975c0c200f2df0e1a9bdf85f3253da330a6c8db86603f7819da8d65d88441f09b1d4c9cf7026ec2d505d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585416.TMP

Filesize
874B

MD5
3acf219a0792ec88f862bb270fabf7fe

SHA1
8e728d73d32552ae4fb0ae17457f6da1503e4397

SHA256
b12d1b41d1db9846036fb58595c5abc7b1cf398520ef5dcd89deb93a041b4cfd

SHA512
4049b12ed79c9552daf9b04ed9ea73a0e8d76156ef549f43a541c8f7cd361688e614f44ea79d646b6791256dbd041b9f73c4eed518885424bacef9e2a79d4dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eff7b550527dba323d52d1d3c59febe6

SHA1
bc4390fbb829de303a31138b8293d8d2e0aec512

SHA256
e280e3192b14bf9952b2218f6443cda2cd89f52c0f90621cb8015d38a2117f6c

SHA512
a5974bb6be6ae647764a94a4c14176be17144de5000073a60adf8db1cb60393056c17c17486c59e0612122c5ab22b9fdb774aa4928df2733c26ff59c0a336d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70fa18bb0c00b8a51f78bbf565d5105b

SHA1
a749af53eb91fa26c2caa48b0ae81ad63e3b4e64

SHA256
95274ef4845670d26c248968d0e4f2c54e2a82af913b735c82b3a938151b7c7e

SHA512
3ec7e32211b2e02797ce3cf5c8793111af2d7c6702b45fa4b14f7f5aa9fd959368ada9d28aaf6f444aba466427fa805f682d149f39ca7c8cdbba0e74b96a895d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f5fd8556803e310d417258dad5a0f9e

SHA1
ce26142f0473a9217320a4a78698a003a9425fa0

SHA256
081223c9f536d56e4b1000fe9d8f4be2fe5151f035d3a330be26c19ea46d6a8d

SHA512
3dc0d23d14a024968317b8eb219b6924ca93465298c283d51726d888c7a4c495e2f1db204a8b82c97329b32e21843d1ffba1d5a3a304e8bb1efeb3cf898899f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db428848cf5ad4a6a090baf0985adb70

SHA1
b649605d21dcf1c928a2520ef35588f560738966

SHA256
997e08e7b124521bc057bb05fc1525132bde0e020b4443cb03e604f971a07449

SHA512
ba1b1c5de0452e6095a46390162eb189bfc7054e77a56b32f6aba41801883bdef35bd985062de073ce3ff596efeb31fc2657dfb2cf391780e25d29e34b42ad3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7063cbd64cf4c2b3964b050ee65ba18

SHA1
abac136bf6b5fe04569cabf63e89ff575ef0a1b7

SHA256
66382ee8a2734e87aebe2d32e4d29dee5d61c1033b593f80d654deb35944bf50

SHA512
10670b4c9935a54615cbac4201e645c8820345e91af3c968658c6339d46cd22055628b2cf60528a0f4cbd0edeb253dca515ceee1a4a8ea761133bb234e69c52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cae89e5c3ffb9c1172cf9287f3d4b915

SHA1
9cb5134aca18d420ee40a28a6facaaed9b0b35a0

SHA256
ba833394581669e08ecf415f4142a0c293bd875c004da127a6efa1c11504cfbd

SHA512
77dccdd00c8d26d92e4bd741131b6f76878511153abeebe3bf83ddc7d5f41b0100df4f712ecc439a3cadb4a5316f2ec11352c991cfd673dab590c092c2e1726a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
99c4e5efb3bcc1dfdd1244be455a4aa2

SHA1
72b6520a6c8ac53b2805371e5d80e58db96bd811

SHA256
38060b1b393ecaf73172c580dfd18b870562bbbc5829c069627a1177b1399f54

SHA512
40b3c26fbf459c2946fc44391e0a1502a67d756f1791d15e3e8835575699adeb97371204bece52dc2feeba2fd72a88993f32284b8a67518c7be0a13e5d6fa6e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
8b75a8fa5754f33cb519333505874457

SHA1
798099960203c43c3445def4e1d12cf1451b6645

SHA256
57106318606baa39385f4f36a5cde8ee47a99742a9284da41e932467bade97b2

SHA512
73676a98e8caf820e273f2910b93053f77acefa1cd9ea5a693627e2313504a10ab9ea54c1201ca8e5c2f23f330b2e8d916c83865740eafa706e46a8832ea5178

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
032e24bd1f8711d9a0775b7a46684fa2

SHA1
0fa02dbdbbe3e13c54bec7f597802b1676cc6282

SHA256
85d5f1ed47a1720125505d5733282229e13b96e8515a1e80131eacdc1d766ba3

SHA512
fc50263d30c48f4c9bc8997b40dbe6c5655095a7b273b6286b77d60534031ea2e890ce5d933d4d3ed37d14ec2695140330b9829ce69b23f3776a46db7ea1e466

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
8KB

MD5
6614eac06f54d020c5815e314fc4b476

SHA1
13899d472ff9f3865fa93fc6b5ecfd10a83e598d

SHA256
105de32848d3c822f1e298b88581ff4653a0ca157c1c393e776a38655c4ebe89

SHA512
95981b3e657266f98f85a7c27f8b1e9a0ecaf062f06d1246b3b6a80a872e74d79cbd83164d5bffc6f4a371833f1d81306d2dee60ab4fb0b62cca0fd5afe23ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
d7d8602a277dd5e24f52afd36ea1f398

SHA1
90c1ebe9680b004fb591ddbfca4facf482757d38

SHA256
24dd8e361cc2adb2c09f726d6a3b28d4a7bcee56bfbfc1543b584e4a963eae28

SHA512
44cb02d12733edadf25466d4559928e43f734ca06c3835d58e5527e967bae7543694672ac93a8cdd6116c90fb6c2e24a46d50234daaf55ae28e573a04cd4aa71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
02b36327a373cd5d169e0e43746afb36

SHA1
8cddc3c3c01d1b72c60d176fde2238b5dcf1a385

SHA256
66adb806d7f4087a392be1a8a120fd4b73ce7c53203ebb7165ee3a51c5c66988

SHA512
c9ea15a95c8b2082f8497b327dffe281a868f357e28f8fcc9252f500be83d67240a3a93800837a9a17e3da1c700e1dcedf1f2e75915186f75e691127acb0778c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
88a298d9fd2e670bbedefa5187951c56

SHA1
a84f1af344f1d02e55e4a1fbfd27a2c8848d33ce

SHA256
c0cecfcb26c7c866fe6d78efbf31a9c8365071a2592a5cba6c590a21ab2990e8

SHA512
5ec97aedb6f69fafb5cf55ec22202fe3c91b8cd4d9a76f6756045f8cb42d32c01677e33bf1cbe21bada56b0fdde96a88c690976fa9c508816c56bcb5a7841cad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
fe138ff9f025ec7d069d8f0460a3c9f7

SHA1
0793b9ff0923f91cb24e5a9678d1f4fb9c9486f0

SHA256
a3012e9f7a0e6b7d56847e9ff0673d2dfa99973e31f3e6df824df7ecf39f7f64

SHA512
1ef1b68ab4fcaa1b05f155796ba4ffef407dafcac9a9c9bf7826653e2fd76ed4050985f1fface2f472f243e7010c59063fba45324d1f3a2d4cdfe2f40df1b16f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\43c2074d-3ee0-4cc9-8579-8081ffd71a3d

Filesize
659B

MD5
50331c67a3cc0029a1bcdf3cf88bf1a8

SHA1
84226ede72bafd88cadb8417f38ae453a01c074a

SHA256
092b7d2809d354e695458af27b91f53346f2ab642b9a5e9b793d4c3cf54defbf

SHA512
8582aacdab8bdf5bc98b5b351933015c96e047960f1db664d557d914740f6352a3b05910be4a4c2b8592b70b2f63fa664e5b2a0767fe6e3592f80e6f06d4c070

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\c6ef5d91-414b-4080-807f-6426c8010f90

Filesize
982B

MD5
d4243f81da7722e8cc4f685e9561628d

SHA1
59bb5084117c9866a757aa027db0d3fb080b024b

SHA256
64cdea270c6bfb68487083e26dbb54adec9b3e7deda25c249cfffb6834e9d12a

SHA512
cbe22cc859808429aecf9478365c3f658445dc459d676565b850d40c3126cc285a9127ea7c97bd7df54d84c5aa8f189cf83401d996de743b2f2631dbfa26dc80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
10KB

MD5
55006c9b6731b47c7c5067b942dbbb6e

SHA1
c83cbe59e017ca214b06bddf13a2c00319dfecb2

SHA256
2904332330000d2a6eaeaaaef2d833ea0e2b70530585b86e66c3381921609506

SHA512
006f9bb25c20de8954c66bd600061dd7402e42ae70e456c49f38cdbc0a45e33604921901625410eb3aa3736783e781b0f584d8e558e129293a1b548d2d759681

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
e19be5391ef9dce57f3aca1e2558c8df

SHA1
d02089b3615eed00f89ed4981fce97ee424aad48

SHA256
571a549abf17c06f67eefd936bbeae1c2774d3fb3b681bce48b1f0f53d64b088

SHA512
d9e1e56201ddc1cd5e3144eae0304d96807836184f32f316d402c34766027e097bfe84e9e7cf69df927e3a9243750a1972f49b6010eb45cc9f0946441a739628

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
cd63de24de86455727702dac63c60b11

SHA1
0100a158402f887589fbe078a024c509a8dd716f

SHA256
e4ba5e1b1a2530bbbf66d2340c7352226f49ab99f7554176ddab5a6457ca6b08

SHA512
bfbe173236382ce6fecf493ee4a88223c6a14c1003120bb405d798988fe480ec85e38deddacfb1d73d53dfc3874ce322c36d2f8a8a8640aa70f32a16fd510877

Download Submit
C:\Users\Admin\Downloads\7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6

Filesize
8.7MB

MD5
d4e533f9c11b5cc9e755d94c1315553a

SHA1
9e15020cd2688b537bae18e5f291ee8cbe9a85e7

SHA256
7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6

SHA512
149226355b2e5c3fac403289b5e66bd4164a7aee76d8dc8f1d698c509db7a081bad9d4172cc950bb0e6e6909e0073d551dcde82cbeaaf61a9c1b02c9ba48fb38

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 202239.crdownload

Filesize
6KB

MD5
b4978d1e7542eafdc7b3908a5f45b8a6

SHA1
b68ed71afa32b7ba4de42feb7e0c4da2f6ff5a57

SHA256
1a8083787b336b322510f93d930f52aedeb90d2052501e864bfa5b1906e74d58

SHA512
def529cdd9216219e1ba55dca52a119de87556db0ee1c1e2f8d6257ac99b59c6015e5db23f2dfa94bdc4ba3712f5ab2caad061e5ff77c56acd4a3a8be54cdd1a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 409013.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 409013.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 535868.crdownload

Filesize
72KB

MD5
da9dba70de70dc43d6535f2975cec68d

SHA1
f8deb4673dff2a825932d24451cc0a385328b7a4

SHA256
29ceeb3d763d307a0dd7068fa1b2009f2b0d85ca6d2aa5867b12c595ba96762a

SHA512
48bbacb953f0ffbe498767593599285ea27205a21f6ec810437952b0e8d4007a71693d34c8fc803950a5454738bea3b0bafa9ff08cd752bf57e14fedf4efb518

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 705918.crdownload

Filesize
17KB

MD5
4784e42c3b15d1a141a5e0c8abc1205c

SHA1
48c958deba25a4763ef244ac87e87983c6534179

SHA256
9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c

SHA512
d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 757619.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit