discordrat | hxxp://f

Analysis

max time kernel
1798s
max time network
1789s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25/01/2025, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://f

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMjcxOTY0MzA1OTY4NzU0Nw.GRp5C3.1IQZKZy2MbSnSwYaKfezmz3309HRsXz7cT4OEY
server_id
1332719292151763025

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Downloads MZ/PE file 2 IoCs

flow	pid	Process
504	5196	firefox.exe
504	5196	firefox.exe

Executes dropped EXE 3 IoCs

pid	Process
5272	Client-built.exe
1332	Client-built.exe
2128	errorfix.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
672	discord.com
678	discord.com
141	discord.com
161	discord.com
164	discord.com
428	discord.com
431	discord.com
673	discord.com
140	discord.com
148	discord.com
160	discord.com
429	discord.com
430	discord.com

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	390	https://chatgpt.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=9079105b8deb9405	17

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f76c20b1-fdbf-4749-b3c5-3829e0e9aefc.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250125143535.pma	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\Client-built(1).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Client-built(1).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1688	msedge.exe
1688	msedge.exe
2932	msedge.exe
2932	msedge.exe
1968	identity_helper.exe
1968	identity_helper.exe
6000	msedge.exe
6000	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5196	firefox.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5272	Client-built.exe
Token: SeDebugPrivilege	5472	Discord rat.exe
Token: SeDebugPrivilege	5212	Discord rat.exe
Token: SeDebugPrivilege	1332	Client-built.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe
Token: SeDebugPrivilege	5196	firefox.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 5020	2932	msedge.exe	81
PID 2932 wrote to memory of 5020	2932	msedge.exe	81
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 4436	2932	msedge.exe	83
PID 2932 wrote to memory of 1688	2932	msedge.exe	84
PID 2932 wrote to memory of 1688	2932	msedge.exe	84
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85
PID 2932 wrote to memory of 5004	2932	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://f
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xdc,0x130,0x7ff8668446f8,0x7ff866844708,0x7ff866844718
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c9525460,0x7ff7c9525470,0x7ff7c9525480
    3⤵
    PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9486120953992568892,7315247752858261230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1700

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1988

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5272

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5472

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5212

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5400
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05c04421-6f28-412c-9ac5-b5bc26dc3fe8} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" gpu
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e2b063f-0f40-42b2-a5e0-95c0c90ce1be} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" socket
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 1 -isForBrowser -prefsHandle 2724 -prefMapHandle 3100 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c3cbbb5-1372-4f9b-aba8-806080b77d80} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:1576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3768 -childID 2 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77442ee0-6054-4be2-936b-ea1c7802db96} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4572 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4504 -prefMapHandle 4568 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {431aac25-df2d-43de-a96d-551fed528d29} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" utility
    3⤵
    - Checks processor information in registry
    PID:4372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 3 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81191933-fa49-43e9-b9ea-e12d7c63cc5a} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:5160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 4 -isForBrowser -prefsHandle 5600 -prefMapHandle 5604 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8dfd736-fffd-4c9e-8b45-7edd28e5c1e6} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 5 -isForBrowser -prefsHandle 5792 -prefMapHandle 5796 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced1eb69-bab1-4118-8849-3fb9cf0390c1} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:4868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6352 -childID 6 -isForBrowser -prefsHandle 6372 -prefMapHandle 6368 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74c4221e-7a11-4eff-aa34-a5e8497992db} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:5236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 7 -isForBrowser -prefsHandle 5204 -prefMapHandle 6196 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2860f30-2f61-490b-8ddd-2efc037f8db4} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:5560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6804 -childID 8 -isForBrowser -prefsHandle 6796 -prefMapHandle 6792 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52f60dfc-5fc0-4779-ab32-03a4c784f64b} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4080 -childID 9 -isForBrowser -prefsHandle 1264 -prefMapHandle 5496 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fe0d68f-9768-44ce-aa58-986212bd1ec2} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 10 -isForBrowser -prefsHandle 4088 -prefMapHandle 3880 -prefsLen 33883 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b51aa1f8-8709-4827-96ca-168ac33c13f7} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 11 -isForBrowser -prefsHandle 7132 -prefMapHandle 6764 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8945b748-e339-4d61-b7d0-72dc537d719e} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6692 -childID 12 -isForBrowser -prefsHandle 6836 -prefMapHandle 6820 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {233fd32d-0072-4518-83c2-142ff5b47ec2} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8272 -childID 13 -isForBrowser -prefsHandle 8280 -prefMapHandle 8284 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38498098-4950-4bd1-b45b-117a64212792} 5196 "\\.\pipe\gecko-crash-server-pipe.5196" tab
    3⤵
    PID:5104

C:\Users\Admin\Downloads\release\errorfix.exe
"C:\Users\Admin\Downloads\release\errorfix.exe"
1⤵
- Executes dropped EXE
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78789c91e16d10f550331b6172ea4751

SHA1
aee25d6d200d75e8a0f753f888d19545278999c6

SHA256
b91a0fcd45635ad28ba63d3c214d22a8c58f33965a8fff5aa72bff0bbe65fb24

SHA512
ba1c51d05f1165e2044b94edf8520af3c20bde4eac62b730714da8a484ca691fddaa2f436debf78f60c4e60aab2f4cb2ced8448531b3bf2731d206af4863f815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
20ce33649b0aa2e62230849d9203743c

SHA1
0a13c95b6bfec75d3dd58a57bdb07eb44d8d6561

SHA256
482bd738c304fb1f7fafcf92f313f1faccf57164c944c38ae8d6d4727164d72c

SHA512
332cf2a0a7fe494643b00ca829d0f49e9f0835f158dbc37ada16564a55eb60ccb1cee20e91f1caffa0a0229b85e43da41f508a356c36d9109cd8c3beae2a5620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7aef4886cca74d1cce1293c3755c509b

SHA1
1795c2a455c6d98c2dd8eb4b070280e1c7bf983c

SHA256
c4692efcbb99a94a06aa2a439b5b21cbbb430c1db2c380e0180b04fb3f89661e

SHA512
69391302ed91eadc6b991a8a9b7c76810806172f6d3f1336d0a8edc6ac78ae8c96b6aa8c0bc8f31087f80b02f24c6db6569e4088b60461210c965a1bfbb72881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e0c561312d8a7506fb7ebf01e0fdcf54

SHA1
9d29e691ea1e4798fa5274142f70bc6c20865744

SHA256
a757e11b12f82d4bf8443db18d6677c01f6b2c97ca916470a466ad12a570d50b

SHA512
5826d006ef846412e557c40afa0e731e3ffbf8d69fae84e740bebe134ea49305525edf39ca80c48001beb30ab3d9ead58251139c6f93d7ecad1a5ea4c8dd400e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7bd56402b1be51d90dded4f2d301b67c

SHA1
49e777788a606364dfe8d82237915f9d1cef731a

SHA256
894cb14201e1728f67ef9f2cbaa15b4ef981b4e9386a4406b700b4415697e61d

SHA512
4bdabde7438f9cb6639e2f8f2d6b2ddbcbd65a72c29e32677a8c067debeb23de24b066a64a2375c00028940d899d0942046bf10be79b94bc1bee7be76ff77c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6ecc2795f50afd95c62d101a1574b4ab

SHA1
c339ffa2d4030be99f3c367d248ff8443f335a5f

SHA256
88ade527fda92c22ba15fc2404a31d61393e7656a445bf63ddfe06055e3af4b7

SHA512
3e74dbc9e3c70dd580e2a7b75bd4bc69a1fe302f61c5f2b48c547931aed481a59ee57277e5cbe21726c49612d99c4b5352b34b691e62cc0a8a140141d5752af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c8c33b87b5da1304b30d43da77203941

SHA1
9a057fdb0e7b4e7ed3478843ae6850af4e6b66cc

SHA256
0999e2ddd7d18481f8f064a60cba89a5b9a3cb7a90403dabc6fa0d9dab15aec2

SHA512
5e7aa273e4699b3f38edd072a2f27927655765ace9fc8791511521f001e58913736f846b7c97d0568a18fa02cc64ef0cf6b0a884d7a1701c3be16032c2bc07fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
26032e013f38a6d860cb9832cac3211b

SHA1
4cbfe33e065aa6b5fe15f098ba7e8c424efe19df

SHA256
961dd59032816b22ec363051e502b9fcbfec408e693aa0c5e889f0eee5dbdf26

SHA512
8ed7afb41410840beb1a61f2379bbc98f7e169fe551a1c35d6e9bb77676fd7f286ea8298c956f7b741e5680e805dd153583c0c20f8e382efe843e4d07661e4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
71be65ee8a410d6537d6beac7f01862e

SHA1
c84af7dc385e8dc3c3a207b947f7fff21700549b

SHA256
35fa86fae900ad698a8a975edb6e9ecabcfd73fb655273929119aa105645e44b

SHA512
7f0160b7c4035c3b888572d23cbb79e39d04dc674a539f12f74855cf02b569e0cd104bfc344dfee46637a435e65afdd61a7da10ecca1156fcd9de535ffbdc9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d68ef43b4a7a8a19e2488409378f56c8

SHA1
e13c586ee5c2b948918d05941cc10959ff4bf636

SHA256
b9858071315b7595bc67df594ed73e249ab70ae36e2243f08e31868764c82224

SHA512
8af98a649d82283314eb0c349dd7334ac0bec5abdbced57e335d06ba8523f9c0851b41cd5ac482318ef58d5e391d505c2742b441e1aef3ed286b667f5bfa7193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dded21652010c5e82476e127be3be034

SHA1
6b4fcc607f8eceae1cc4cae047dd03efa89d91be

SHA256
33882cba4027f1809841bfedb966e5e22b75c49f9a346914b2a5171e2d5bce08

SHA512
74c1798e72fa301e919d61ea529d1c5308ebb01b6df518a111d1212b8b39980070216f77b9899e770eb2f59d0ce02f097a06d6a17703660f8bc4d8d16342b243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
995B

MD5
d4586532558d35756d6da44f9f34ec98

SHA1
d344997fb1793ed37fee47ee1f4abc8ec5299267

SHA256
a30eef4d7377a6a9b0174d185994cc43cbff3c23b97164f699102feef68645af

SHA512
cb9804f55d4405a4e8b599cc297dff83ef29c8f2fd6d64da5aa7aa4215544ef5c9de1fbdeaf42a6522c58d5c5a5047baa8d42eb02aaab3939291b12dd47a84fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b9e0c5fa250cd88935235fce5436eaea

SHA1
2d3e09e3917ddda1bee69cedc425cc0c7c562649

SHA256
c7fc0b2cfbd44369656175653aa1b0854a6288aa5cb1d267743aecc7a66cb4f4

SHA512
aaf0808dd8caa2a136729d7cd127664649d376de22b6851c325506a5b9180813bb6f47e4b8dab91338dcfcd3a6fc4a53e3dcd94e9c1cd7e9ebd4cc22082a3e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
89766b408a3b054cbb8a2f137e063902

SHA1
db8bff2784e8e3254df60e1e53d337ac09f4bb60

SHA256
480dde2109088f6c9fa6f79f9823469d85a137457e3da38bd634afeb7a162166

SHA512
a4672048a8b4c07597f94f55be8c4da4c4c244e19a0e2caf58ab6488430f060bf38810c55010472b3e22654d3cd97e5f70f628ed925263f275466d3bf3dc822f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58ca50.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2f8e6309600fc344e90904cccd839f9

SHA1
ddd81967f224ba247cbf70c0d4b584c076cf2ba1

SHA256
31e9d00f22d9435dfeaebd5d38912c83f70103e90506199ad7b650f7b8203546

SHA512
c66f4674061992ca6f502f4831d78fd3686eae82b449966c2e954e0248c081bca9461f97c05fba0af822fdd20b9ff547bcdcfbe90a24bc4a3ff4e86dab9769bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e3e81d78d7d31811caa9933ee1f5a8e5

SHA1
9e36fc86addfd4b0c122eb7148dbdee2d0413f03

SHA256
d9809a02576cfd98310f5e50d87724e1de5c945ef9f8ee2bd0a086990d97ff21

SHA512
479bec80704be5642fb60d04ad4a6da8ff51b3d88b2c721dd0d4d1dff7418a7fc0dec67fe464bf8b9c9bfe8add8452d2f87c943c3ab162c49c46d2fc930c28ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff48cfd86952c47775f8f774a316ec86

SHA1
3ef5758d59830253dfdf8fddf38862240fc2578e

SHA256
ce1feb4b97a7817811195dcc8946f1abac4c2b011b00873d8c0d66e636092bbb

SHA512
6edb78e70e7f019a52d329dcc52a07c326acdc8b7d3f0abb4ce34dca23ad4828c8e7230c38cde5e7cfd9a6be1b827c9590f5e45ed7b602556cfdfa19122d9e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7e4d15867f828beadd9ecb9baf4139c1

SHA1
6f88a4e469ae6d3f97db2059e6e207088a91a292

SHA256
7fd0061b69f4265b5477c22aa76846bd14cb3ba7efc72837a3eaa48e04141695

SHA512
c0e6c5dac6482fb1cf9a0ccf97a4e77c1514f4b8905ceac827eb2e11de0d2c5843493effacc0c642e6a541e6bbcd03972389a9d8d1b602281d7631d236166012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b385c0036e2bd0608f422ed6faecb6f

SHA1
f8ca4b60d372f790b546c7c798bf9bfa8fd340aa

SHA256
c20d1007fcff5b8e6099a651aa34efdb24176a3a5bce1da9bdaeee7bbad0ebb4

SHA512
a57239473509af19e4e1c00fd60fa81c86815f09a73872dcbdacacf7269c80f88d5b518f4c54c8b1453c96c574d637e57c5cb6c9328cecace26805f5c0fd92c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
86475263d4ef1d846d8e6b33063d530a

SHA1
af7956790c01c0b8324347c1fb35ff8244add8fd

SHA256
bcffa6f97d997c1f3d6ab049c9d88c235119908d937479f96bdc9fb15cb87489

SHA512
6249dd7b98fbfbdff89cac2c217bf43f38327aea2ffb713e853275ccc6eacad727bf00cec8b9ff002c7de37593b6dc6330e5334d53c4f663a3ee5ed89e687a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
33a9fe43f6eb33d72b1b44a9c32b5365

SHA1
7393c38b4ca8b5b418c05e555a6cda1622c317d7

SHA256
8063a5133c8bc06a7e702fd48ecb5327f2b889d88813e914ec939e0591680363

SHA512
3e9544799dd39f87ca8f8255f8051ecd44e799a936b997cbb8e169e699751501c8a07ebdff5598e006e6835ede4d054dda088a2d446d239db7517ed26604d074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
42a60bcceed64530f0476e257909b007

SHA1
1ea9823fb95f22f4c83ab1a421011acad316bf05

SHA256
ff445163d7d5a1b48bd995cf5e01b1a2a66229d6d161b700b7c3f95fe44a343d

SHA512
ec8dac3b57562ccd19ef64c98444a9289daa68230fce766c59827f78cfdeb3b5fdf76ab230cf42a399db8bb58dfdff9ad7c9e317157d8548e763559108da0e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
812277e01b5a22e5ba0e25ee7e9c18ea

SHA1
32bd84c8c9f58b63c12e85318fea395c06367c96

SHA256
e6067b1c856d7ca6e96412cec4f84e4b8dbe352e808f0378fd354ee7c95cb046

SHA512
ca4043a395cf0f5ba308eeaaf86eda6998f6a95da869143785431fffeda6d591bce16adb77eae0aafaf20329745488e9138e36ba2a5aec856046d1bc56eacb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6052181af65f20d16b216de1191f801c

SHA1
94bcd927d264d5bfe856ffadf5251aa523dc6bf1

SHA256
90f128a91e2467feab4cb54d4a39179eca3f4fa1d15850db3d0fa2e81a948183

SHA512
85debbd4b26d09f2064b718bc2c19a390adf4bcd65836dfc57948390a9c23ddaf725fc84ffd89937fc8f2bf3040beefd9df4e00b57a872ea4a894fb6bdfd0e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6680fb871afaeb3cf87cbdf00b5b4fe

SHA1
8de4aed9816fa295fbda44e43cd377aa9bd2c52d

SHA256
93d731cc10d0897c9fba3cb236e70dd3ea0479b45b5a25452c1dd36456deeb6d

SHA512
527becf2773d1695af85e738c95b1d3359cb96e37871bf4da7d1aa6a0b3e5d60812cb961f2a3f4c263c40f48fc1906365edfb740ab7b6cd00a5bc4488352fef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b5fd2e4ba4785f76b3be9e0a883307b7

SHA1
ce1738c8f5614659c9222fd5b7d1224b1f542cf2

SHA256
8104cd7afe921aaada4f3e744ebd094d9c74ed9c2a2ec69558e5686498bce830

SHA512
32bcb3080b56d5b540d58382ed18a5457d4bcf7365d6b0b0306dc2383b927e6d61b2f38ddc9ecd4a259ca9d6bfd4b053831977b46bd3da48c3b5e59902c35ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
185080eb3d5b0a66db58e0095f8c331f

SHA1
bff8dcc035b163b0c9ec6e4407733b86affef965

SHA256
113641bc7ae03411b69562ecb967139fd6193ce3f49251ec79449317ace9d331

SHA512
75ff3e926bb1a6bcbb6cca5b735511a0e3d203e7fb90416c3cdb0b03aafc9db16ce824e0f018ecf721166f589ff8d5fad6cfcb9287418716d50256348572a790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed5208c1f808bc3060ee268b37756402

SHA1
034686621c966a7ffbd112d425fa6fd600d0c664

SHA256
f1101bcaf7c09312f161e9ee88255a6869fef1a8ff3dc11a8a46b425d444e710

SHA512
beb4d264aed90cdd73646f674b9a9d7c659b0c11994401a96ade73e807ebf04b8166471d35aedb0e41acec52576c3ca7baf2c0b20782f1e7fbee57ba701804f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22e1b0494151a2b3c1f2d4adff3ad6b2

SHA1
8318a793af7b700cbbdf8e1f3565819458eb015b

SHA256
ab2014a366de5ef2a7d65617e02de85da4681745ff7942134476ce108f3755e8

SHA512
7da9e31d410b4905580521ec0494cf037224431a6819c1c5a365f5781e0e678766daa2eefc1b6de7345a93bf307f6b784aa6c917d3fec116477c2797dcdbd48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9696b06d3e10acb4b4714e348a2b0906

SHA1
12f79aaa35039ee6d9140c678fdf100eff66b1e0

SHA256
7a1d8fb5a2fc912a524ffc9e02f3d93d8fb15b652d976bd1171fb22ea54eac60

SHA512
3d8d3df14ee404cda5c4ef68d77d48b0e6cc90937d943147e781bfb2319b6ce17c1bde089abe02d42321663583279415acb619de822d5ac9185264d4c52c8e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33ad3306a5f9ed5fdbef695094abd0a4

SHA1
00b910b12d0970c61a593b1eaa1c595062e6a503

SHA256
d14028d8c0c33ba846ffe3a92a7d61528eefb25e07f423cd233e42716b5f447e

SHA512
d297fd35f7b13420f617d33ba3bcba50792ab3c03c3f2bcfadec7a86e5f0537d51819115797fac4d0b2847f59f031248bbc120245c8ccd3f384def43f6bfb126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fb8be7019b7f82a916a2b737c2797392

SHA1
a842e7882e98c7648e6d82b7263d446bb55b028e

SHA256
0df220009928f2e66e9261098a5cd6bf8f1a17a64750f020ce211ca510996a65

SHA512
eaac7d36968e4b4423293938e6d155d38124c7ba056c48fe7efd42e29ebcc60ac1ffd885dd35c37f5274400a6175e8b5bdf9059100e48d65b1f81073eed95efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ced4b3615b95873cd0a13502c2343416

SHA1
bc14053c5445d54e75c3fef4a420b13980474f4b

SHA256
8ba89fddc4bdd05b4352f3e128299785df083937878203bca83a54b358c136cc

SHA512
b5f571fe982afe98e225ef3975060084d39796dd6dd0a2f11ca242d235a3fcaa6c57f2e7ffb3dda6ea0828c331427b36bbd26b1b5471674e5f8b10c05dcabd2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58198e.TMP

Filesize
1KB

MD5
d3cdab56778744aadeddf7a407f854d8

SHA1
54203d4270aa61cdb20a5aca3bda1c72d2a1238c

SHA256
a0307714de0b363bbfcf1cb2e0fb3d95313a17b95c5cc55ce068496ca3f94dda

SHA512
82a3bd6edce7093e4f4bfe9c5ea9264ea9a3ab8f73cdbf459a94d4182204dc63d9cfa5810f9a233952cc1b580321e0d2114ae82159a56c35e9678b40e3eedaa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
529cb9c998b043853c93ef877b039b82

SHA1
50cb93749a061b7b3d660cf2923d2abdb40147da

SHA256
90646bfd558f11c36534ee281dc31b42b1c661fc17f30711aa5d92f59b1111a3

SHA512
2ec201bcb855091deb4d0e49cf0b719262aebd6c1ebc4b44c1001d97672947f3bac0e4f50605b283e8b99970c6c70ee60988c1ef2d63309c30bb7deec917bea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c3cb3e30029b8d4e577cb4341adb6cf

SHA1
d123811e08a6184545252d357fa3b4059221a32f

SHA256
70f99b573a92ed4473c25132868cbe90d997835efbd333f77c598ead849f3305

SHA512
93c8924bac2be6e8b5a312ff24f3969f240d0284327210d3a70d07c55f67fcc2a0051701bcb6e13cfc1b3ffd23379840288ce7cfc78d70e92202ad04dff00da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
246f8f02af3333bd62ad207f85e38f4c

SHA1
e5d0f899eb5abac86db73416f05b85b2b98e68bf

SHA256
312bc45d7c8ca97171338e1ba1371ae0fb5b8f819d41911146df1df458d15efa

SHA512
caa6f232b9feb2d7ec17135e33d1a7e735f5428de2a15e8f6c7f903e7c68a03e2ec19f27a85199698e285ba8a57ab78fde6af097b5582a37e7a260ab23387310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90ac874ea90b082e806aed89d2d5a681

SHA1
0f3bad7c25a0450c02a031ff5aab67c5ed5956c0

SHA256
e09b79274811d7020c7bf9292207fbeaab6ea495b20b042a7147f3a07f834fcc

SHA512
bec6d8fb491bfc20cee49946df346e96f6c6825be2927425d44c18dbf9472a2ec6c85c98753c558fa94f527f09bd4db76b620b4326aea69a8634e16a96412f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e5fd07222bf33eb429dfee1f0e299817

SHA1
a232f40e9f1f871baa413f9556ceb65b934d79c2

SHA256
cb7ab302c930526a9095a7c2be300944b4ad0b5d6073654fa40200e5cad171db

SHA512
2c8598f97eebc9faccac3d88ff3332ff4f6c0473989f42cffb9bf144603b4e129540543852216f7f5e035b7b40e9639cb440b17c154f97dac586a29300b6718d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab5d9139b9ac08af83b627e8721b8e23

SHA1
505872561ac3558beed601e626170f354caf55d4

SHA256
50bb8ae447d4c7e20c058b10bdbe26d1c6edd02440b443ccb624f476fe9e9c71

SHA512
0ba3ed9d2e35107fdbc327179812735740692278329def3ff92d08f203978249680ad558dd670ae1a89f044fd68938dba85f7a57a473b423dc4fa7cae18372a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e71d9daf860932ea1c899666c993968

SHA1
013e7f1bf77022de101ee01c9df0b3db0b699505

SHA256
df2c712fc8ec69721c1c838431bce6b822e52b7596af4f482047bcba69cf5966

SHA512
ee79e9b1ec93fa5b4b327f485edb2e8fa11190fedfcfa9ab0a250756d65714ce52ac9c3e9c25b8ce9f16c10848f424263bebb5380079675e84fb5361eebcb30e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
75459a06b9cc12616fc7d4ca8fbe5370

SHA1
c0c4714e8b26ab11e186d984ca020761b09c1700

SHA256
5f3129657ffd24ab4bddcbf4efc3883271f33530fd4cc144d990727d9778774c

SHA512
0826c2b2b7a0786897dc52b6ed7c6dcf2ccc81dc1bda56295ba0c2dfef3f993709a63c66c6161a63ef38792a1b8b49a8544ae3e0e090667324ab3de4718ce3a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
3ca6b4fa27db5fe05216f557ebda3d02

SHA1
9cb385a119604a72b5c8607121c41a04678a3a7e

SHA256
0755bc7a6ac2e178f0df7ae96a9c8961045051a7a14f40bd35a57d8e8eaa10e8

SHA512
f0f9c736cbbfa841509f0d853fdcac7071f8c007e01ec5025db79b931fd7b2ddc700fb6d5eb3aa4e58ce77473c7032d8354f2cf9ede8a742abe692df7be47b4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\013631E4BC27A3AEE0D9BF881905754A9B020ABA

Filesize
81KB

MD5
4fdab0f4844cfb11b49293c4f602807c

SHA1
15ed5f88ccf05cd3205dd0bfa423f1841d732120

SHA256
79bc2e4b36cf8705fe0466864d0c76af64501a6b90004096eca0491f9a165553

SHA512
8f85ca9e8069e5125b403d1af5e2ba1f0b97844495bca7c690aba70e07fdc201234c724798531932cf8c411736dd5615ff61fb16315b5834794f7c172a57c036

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\108D0692F3EBFC75DBE9C2C9CBC6D0AA65C19947

Filesize
81KB

MD5
7484df662c25dda3035399e5a13bc7c1

SHA1
a8ef75b7517360b0eff3f763cff40c25a2a17ee0

SHA256
cb3b0c0dacdeb00733f07e6a1165446de5039ff1206726d9f65ea62050cedfe7

SHA512
09de2cacf733b74d19ce10a1fed9477ca835bd8637452b7145e0f23bda37908c925d820a1cc5721579495bb38700db32d07a84549f9069ae818e81af2c466fc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\2EC53699C48AD649C756CB158AE49D6BDBE45350

Filesize
125KB

MD5
247d6bb8c3c002d08977b6260aea848f

SHA1
ba07f15d3f559d7cd123dc7ed05491547dae563a

SHA256
4385b5da5654c528027ad2e2d66a64ed18edfaa9aa39fd9e528e87c3b61682e4

SHA512
fd2ff006c9ab346171a92e12148326ddcf2dd79c0b3a74ef72bb51d6b0a2fdeca26662def481d2b819e5cf63bf9c86f1560a79daa2c0f18d45c872e1eca287a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\397DF00453D47458B46CE8B583FA23B5D3C83591

Filesize
141KB

MD5
dcce80acf7affcb5ffeb17f96a21eb00

SHA1
b7aee89a154e02deef84b224147afb97bde59a44

SHA256
3bd29372259ff8e610ca4f6dccb6391719578725cf955bb1bc85727de518928b

SHA512
afd47561441e8298728f75026bfa4464b96f8fcd98aa59d33470ff8e0cbf8fc4668cd533ce57676dfb2bd246bc727be8e294025f347ead0e041ef75cb6697ec7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\51B577CF94B61510CE6B32C34BC4CB935759EF1F

Filesize
35KB

MD5
4c38e9a418209fbd8527929b612f2b71

SHA1
6d193d87075a037edf2da57772c7086ce6f28ec3

SHA256
82d45591be20827a9faf116dad2194b3b8133df179f8888a1e0e69d80cc3e984

SHA512
e43f9fd7c3ccd74d7f3cb59c51f3b67619b2eb6afcf391a9b25679e71a060a13e7bde24d9d52a41fe27fb87c715cfc422632c63f14edb78bb17ba06ac7d0f8d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
218c8ec83bfb43385e348bbb7dfe9a84

SHA1
625636fd7b64c330999fa8b163a0df8d77b24c47

SHA256
33d78b61789aa6942d8d978a99c63e6c16a6c10440dcecfe70979e777de2f4c4

SHA512
a0928e75cd232a39bcf99dcd3f4ad293158bcd4895ea30abf85640036370f4034f940849bdbb406bc2c9d50cba99ff662e8708a5d168ac49944837c07be66a77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\8CF29F22529CE983B276A0EAB0AA0762BF196BD5

Filesize
162KB

MD5
0d7f8f42e043b3e7f1310e330ffa45b5

SHA1
15ff2db5e9023e25a8e749323a89ca3b0c28808d

SHA256
147923756a954d8b5899d5db42ef9254389a3e8255e833e0b650af3e8e89decc

SHA512
a425247a9f54f5169fb19c192c5c3d5cb7e41dc109dfdce6ca626c687772ef95b225ca0ffeba766811e4bc9f60e3d459a364f70b19390c9557a929be7b117391

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\D28E6F5847C0A0854E22D70EC0F0082359D97D01

Filesize
224KB

MD5
4d6dd5482963180a8ce24310b4f33dd0

SHA1
280330497c4bb17b0f7507d462aa780cdc02ac07

SHA256
b2bee0e4dc997d94914e9fa6b0d7d8a835ec63f08e807a3ddb27f3d3ff325086

SHA512
45def7061f3cc9684dd94062dfb0504814cba8cb3791078653206e3ae6e357cb6ee8ff5447f17298ad4fd4364ab68df9130e8a62ca6b47130a3a0a536536ef9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\jumpListCache\8niHhf76aSQAFdLFQzcGCWjDJWx3Xhb+CcqqgI7WYhs=.ico

Filesize
472B

MD5
5253e01a0c1007226a73081c283db0d4

SHA1
e3172da89ac4f125681373aecf71497dac518cc9

SHA256
67050ae618368f39f6556fe1c956a555662e3aa1b4138f8ef6b04f9e621883c9

SHA512
e70c7fcd2bd1af1ee695e13a66c52705acefd9628c08acc1f8fda363af89433a3c45e61604d190b5263f5ddd2550239f0b98a95bb5905efb7fc89c5165d99765

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
9b07143dfab387e8fd1e514b4e59c5c3

SHA1
5d1e08ed70ba444109a26394182d9d6e9ad254ee

SHA256
ee03081783302bbbe1bc79afd2a8d09aa47efa206687c7ad0053081cbcc1d14f

SHA512
23737e6ba75347330dc0b62e8a27d68ee420ad5e6fc51a49e6b131f58588e5781214a04b7d4ab09ee981ba20dfc9fd7cd1febfafd4f4d8a7f5a05638f38fbfe1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
15a441838dbfafce1d64c17a6f39d2c0

SHA1
75eec8c1d13c89f7aa108ba7e7671eca38d9ed78

SHA256
19af44d7b94300cbcd1dec9e45e0186fbc4a51d87b4afe1821d534881759f4a2

SHA512
667196cda7e9614fad02b7546485781d4e681d05fc3a0e3b64bafc7317ca41e225c237374fdebb15ee7649c60d94336580c366d25714deda29c233018cd9a3f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
c11de1a0454ad23efad9a5f6988b3075

SHA1
815dddeb32db82a485850952c16c6dd3dd7d8a52

SHA256
dc568de2d63369009e4ca7bd774999832273815f079892280426e64dc51e7d38

SHA512
9e2f758da716080adb561693c89cb4fdad496ea4db468c046d80d2801f12d80c841f7d47f1e2ed02493d75abb947dcb1de40e4f919cb16dff6f3294ec410d6a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7db54e00ff7fa3a071d91a7bb1edd03b

SHA1
9b766a4777ee5c36dfaf1e6491f640ff3cb77c67

SHA256
18024925c42f769726cbb95931a6b400e3c29a8f6e01f2210cf7723c14948551

SHA512
fe724d143b1b80dd92952fb1479249872d4c617426e314d2e358dad71787e81e29eef8096594e2aca781675a1b32500032137bd878b41365e02299e3e1fc30a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ed2f6d5f3076b75b55072cceb2d6dda3

SHA1
0e9f85111928caddff70f263e3749e3592a3ee80

SHA256
58fb1be826ccee56aa60e01d947442d26645d595efd78a5408673d15fb2a58c4

SHA512
75ad2f80226fb3ef13a7dca21f7092468fcc7dfe666f3cc076d574188c770aabd2121ee625d4e45624345131ab6f6d84e7efa3756f4d9e82d973d1c439948a9d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
1f7b00bf5acc9350cea75cd4379c0ac2

SHA1
fb4011114f2f807864c198cb4d3c002702a87d22

SHA256
a89f5dd23d9ad93065168e03807ec9ca5d1a1117e622e14afa117f7a39c26ae2

SHA512
812a44f0fdd116519771c28f868c556ff6395b350e0655d45d3ac26f601878a15b01e04739efcd8351303fa089c93e107fa307822d1bfa91fb2bf218d6599de4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\AlternateServices.bin

Filesize
8KB

MD5
9ce006b4897e7f9087857609c7245210

SHA1
14c699390791da2b398d2cf83803309362c53528

SHA256
a4b210569f071130895a5edb3f029865e45f60a87ec664df8e6c821cd8bee1cf

SHA512
e070d5d004a5ff7a38a228efa0dd578d727a1303371abd9f9eb9a6899e7f4ca67fc2511273c5827aa3e116e55ee796a322f5810d58511e797881ba52a7eca1d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\AlternateServices.bin

Filesize
12KB

MD5
21ccabea6787bf678c1279ef27177594

SHA1
138d535bad002cf675576c0e9f87c0f917f79044

SHA256
d329f82cfb13fc26a228461e872302bd397589671c6a7eb42b08c0b4991a883e

SHA512
bd61a3b63c02afcab66d3cecbc70052ffb8faaa849a841f96d2fb21c535a6e8d3e75ab2698c1e30f6e596100113f554f86c085938c7a12992304b5e059364898

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\bookmarkbackups\bookmarks-2025-01-25_11_ePmY4iiViBhuU7xD9I3icg==.jsonlz4

Filesize
1001B

MD5
03808003ef53c7e4c78848244a88db6a

SHA1
a7b2b051ac960d4c2744b5b9dc6677b97429520b

SHA256
f94670e7b252c728ff0d1ccfa3a9f0263d142637edc4ee00b587352006204248

SHA512
49e40299aa787af9f36e23c3d80618c1fc84e68eda5a413e5e26f48e705584d818af95cb38f85d927f4cccbab7866abd477b6fdd0c53c39554edbebd92be9da4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0ccd70be9c9499f4a4b800e6f8175797

SHA1
3cbd1fd1cc924b693298bd63fc60780668e69f7f

SHA256
528c4b8ef5c6968dc60d50f9fe08be6dc6c5b3339b2b0668ba2c74bf1da6f3a5

SHA512
a53ebc4cf886eca27344f72298257632beb6c4da67313f8e39c6dcd7b0204bf71b0256c55c76a8c33b45a2de2149e32030a29598254a7f632bfb9e6c2abca0e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d4cb3456e2250d9e3d6a2eb91071f5cf

SHA1
ce88da879159dbe35e0f39c7aab119de67f32ea2

SHA256
c5cd98b36ea00886f9c283dcf6ac039f437672d28128e24a2de1c29086fbde2d

SHA512
903e3e46d90e8a445c6261e78f1a63921fc2ae9699a01b05b368576315b443e6daab03987a9941c66817e2a127c459e98d4b2f337bd1ee08ce9f3976070f2e17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
1330ab7388a261b82d500915b3a6e5f4

SHA1
20229a7d3d0d7ba4dc1383ef763c944d3de91b8e

SHA256
5eb96619feee2f95400ffe86413157248513ef39b9e509108eacef804ae60019

SHA512
73293aab6a166de61778f618673a0c2750ddac472a543b9c692c1ae34c4bfeabd9d69fcdc873b5f616623d5b3c00f7d63bcf1282b949d9cfdf44ab8b377d2d3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
105KB

MD5
c1dd3f06ba56997bc3eb316786b9ccec

SHA1
2a74b153418259ff2c538f5101c2b7d23fc7387d

SHA256
a416cea29b88b28b1dc34b5941ace5afa7b0db42751cfdb7bb874bc7b580dacd

SHA512
ea97bd1c17367f5e7b72f503363f63c0a69aa416c69819570ee56d2ac367946f7802ed252eeb379465da703751c4f685f0009a582c33002caa55cd106fbab02f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\09f92f92-9970-4c13-be64-0601d20565a1

Filesize
25KB

MD5
fd931f2a58541c6c26555f0ddff79fdd

SHA1
756e3410b677afc58e3241d21351e0ba0993b02b

SHA256
d66545d56934edc54fed19f3900191ef31ec7a88068a21287e9050fe18e3cda7

SHA512
3a3959ce44060d8655369bbbead9d0092ef4f1a3b3e6bc43e92fc014271be9999c70e5191238cc46fe5dfb323a010f92e083001338042aca3845bd28ff3020b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\23e94895-b5b5-45e6-bd66-50d00d4019af

Filesize
847B

MD5
37f035944b48b2ac356bd79745705010

SHA1
bcb115f32293eaf758be8dcb9cff21f836b5af2d

SHA256
175a1d4881e6631ddd83152a30a78b212e4267ba44cbf89681f36885640b662b

SHA512
ef424ae12dbde2c4358b354d70ce135e7accff8bdb73c491ddf8c83a9c3a811c1a316a728968f611729563fe4e7e9c68843d3ef76b3f31bcd9641caf3cbd3126

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\651a39d3-2f15-4bcf-8b8d-528ca43ffac9

Filesize
3KB

MD5
730b2aea61a086b5cacf62a8839e9d5a

SHA1
e85db2a7d06af6e181fb00c9ce475e5c33fc2184

SHA256
ba5b00d2c9038472aab1d9979894dce873a746bca8597fe7be464c1b24e6b993

SHA512
541155f37aac7e7761edae9d1def001451f5e29604800b449e5266d2ccb26ef79be87915bf2b5058648397cf8e60e56517aded4706a7dede9bdac591ff769b19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\bd232f72-2cb1-4d3d-91ca-64c575b143a9

Filesize
671B

MD5
47189cf9ddbcbc2980a6ada2b6948ae9

SHA1
6d23a455cc6e726d6cad92e00d9939f3a22c39cb

SHA256
0f186334bb093b6a27d9c921fa164d0d8a74d8c108d30dc3d5e778f799cae628

SHA512
42be645f007d00a6365b6df38e6b1008df2419ff0e3074c93d5f7cad98292e825904e0c286dbd244d5cadf6c4e28a4f0205279cd666405ddbac3fada7a81f2b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\ec7ceb76-0468-4fce-8b39-a506043443ec

Filesize
982B

MD5
576750f8993c6acb401bcc901a366d71

SHA1
83236fdf3257a9469550ebb76344bdf44096a84d

SHA256
0771f8e8e152678dcd8810de4daaeead02ae57e55b3a98530cdc11d1e7d87b33

SHA512
70a334fc7ce066647e9a05d9c6368ab6dc4c603683c774651b9fb54e52f3dc31d761ca066e4c05ae9a685e7653f52cad5622c28651b753f11372bb64ddf1cb14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\prefs-1.js

Filesize
9KB

MD5
6fa50550df3094dd1a9337ee98ef8345

SHA1
b7f73c60b00d2a1f584b3d16b2c9fe5f8a1f4afb

SHA256
40b6657abc0b300c424a7f0e9558d74e4ce57831ddd5aaef08a692458384b8fe

SHA512
76434ec75c7be7b914b72e8f3a2def1cab2748974142f7c29a4bcc38d2b314e93526812ca9c8304580a4c2ef3d81267fac3eba72c2b6ff5b48ebfe2d9a829103

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\prefs-1.js

Filesize
11KB

MD5
66a168585e64be3ab79279a1950fb756

SHA1
be81d8fadacb586b0f542403d8c7a5a74e233da7

SHA256
07e959aec7e2d48fc8a98d8bd1d4c5bbc1a84986d23412460cb8f448bdaaf4bd

SHA512
3396dbab0b1db7fa045bc51f6be5e20c08cac8b1d37b1618f21fc5bdd5c0314ea372cc97f7b4ba92d67be934e52640017643c31562ee3ffad8625261e10dd284

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\prefs-1.js

Filesize
10KB

MD5
3743f089398265d65f7c3336e44e7bac

SHA1
52a25710b5dff65a7287dd736ed3122f13b18a91

SHA256
d9c6ecca5579cd99f6f600aa5be5401004f91d7f0377a2633e1de789b79ebdd8

SHA512
015abb7eb0ed58233cea230b8fc96fdc121a6c61bf750709c6fe0d6d21432ae5f3b7c41840528d83d542aa3af43646848b710d6a06f48b71c0275ac0d560b0f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\prefs.js

Filesize
9KB

MD5
128e5049d71726822c570aaa3f8e74e9

SHA1
8dfac63d82e14093784d9f9aea0b8433a1952766

SHA256
b88c073cdde7273076c74e02c76b1fe9983878dcafe9722bde5638da70cd5a43

SHA512
cda69e2db50c8087fd5a314ce709c614f0e8ede6bb01b9fec9dbd4476f9afe57f45ac3cbe21bc48fad9f9d47689a5e188218ca58cd9ee0794946b48dde868a33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
d1e5c7ce419f31c216759944107a0307

SHA1
64c21fb2523e4947aa68b8276f97ec45587222c7

SHA256
17b7e148d00be702d74a2c81070c4c30c2fb01145683de62ee2eeaea13b0ee0b

SHA512
95c5c0614832702a6bc5ac3745de81206a39eac6d469c7a787def7836336c88f9d034d7d5dc900a3336d3b08a322a1d1f434677784177aef766033f21c698156

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
e2aa3ff9a0475ac7333a9b5da8272522

SHA1
599505c633622009e9d3407d51b0e12245150f20

SHA256
6e2e05f3bb027bb9190d363efe53b7ff4f7feb351b5f62ee24d8efe7af2105ee

SHA512
212d78bbe8d6e0f3fc2843c94ea019c0c5bf04f782b0fdfad58dd023f79806bbf0de8c7563116fe24c378f0043a773d719b0ad7cfb3282866af9142c4ea741f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
690d0de704ed840a8928fbffb48a09ed

SHA1
8d68033ea1f78a5ab6d6ee403249bc188dbb010a

SHA256
124b1d31babaf6391aa859e6bd318adb6c4c1fdeeee4b36828bb227322fbb5db

SHA512
75b4fcfdfe664b145476e896f0a3e6a4f716cf7632c776414bf9d65494b6d11889dd135f4d21a86c1205850847653bae7f949842c810c45918cc7037d77fc10b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
473020d841df9a2601efc7fb23565221

SHA1
9f30f3214472b762cdcdb3a55f074ea1b9ee008e

SHA256
8add2e89ed45c0473e88a2db367d38fde3608ae1d571957ca23b16fe8a12a846

SHA512
c3be1243bafe2a0218009b840aadf778dfeb1c5e4ea0772ae08e2d99e7dbb4ef1f6cbb5b6a53f117ea5dd2148b27b17290e343a5895bcdec570ebbc4ca95c66c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
736fa190fd95e679aabbc9e130c777ac

SHA1
dbb0dd01a014ec6dfd771702a32bd234cd922b81

SHA256
66789a539d4226392211c6778412e18a6140f2df730a9708e5493f40b051dc90

SHA512
f7edc05585dba6b6a8269694f00c0838fb4a6154386d2eb1cb296ad9d416316c963ab7b56ad1cf2d8e7165ff740a6ca4de1242679067d94df08395f1ec2d6320

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
bbcab2764825ddd250fab9ea3e266237

SHA1
bb8c54fc14f3db011f3c846b385d385a943777ba

SHA256
44c214767c6372e5349ace5a78917be41a02e4d2b4c73fac0f24351e4586c044

SHA512
fb650817d7ae97eb6e82a3dcf2fdb1b516e7be60825254b8c78def02bf2e637387a8f62580dbe9af5aecbeb4a0b259fdd1fa4c122666ded2b49c4159f84d5d7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
57c647ee14b16c11670f457559746ac0

SHA1
57e889c990afcd4602d329d2a76f7c092e9a4f17

SHA256
14373fb477b08161d8ea1e9c186e6ff1a73e18d41a4f219e891cf072d9f24ae0

SHA512
65a3b52c5a3ea861c3ed90d0a15f8c6fd9f3e0c1407fd46fcec8015d25442bba12efe93957e88fcf14f52072fe86009f179a99f1a2dd4261893482190ef81a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
5b9f947f83723e34d65514dc37cf7112

SHA1
47ad316a868d2938a7200f70b36bd79b1611c341

SHA256
c1340e1fa1ac5d77f4cf7c33b82e7f0aa26204d2581117e07b69e2022716b24e

SHA512
d0ce7ce019b4e291e687bf3c9a8ce68eeb7579a6bf93699c7d17c39dfb95545d281385c112de4a4830ae0c27255a733ce18ac62c63ffa61b9b7a890c2c39d782

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
309bcda56902845090334ecb05e0274a

SHA1
87e159da81639b98170542b0de434a11a396b0e7

SHA256
cdb23caa8634f4d9a0914ef4ac94afcaca4a9857982f52f6099f8a3b5309fb84

SHA512
1104b6271fbb5cce09df525aa2cd8ce66e6883d099ac9af04d4380ea3cb9ad71a817c673f8c3bd7299644002cd8411a57d14a291c0fd7852ca9183b2ab8cdd25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
71d6800a89feaa25125c9e83ec8d4d59

SHA1
c987b3b1f83d3ec72aeec3b698149c11ef00f2c2

SHA256
80d2ec309adc193a8eb3a24ff7e068d76366c14e52a2b60b808bfbb006eadc66

SHA512
6e6e0991a8acbc0e0837a57f022a765dd1a9a1edba78a9221e0d2add4c29b127c2a9a6b94794ca35649e2fffd258825e2f241d040b26c2980c7d950d055f8ea3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
8b143ad16bafb6f2aeb8bee2cbfc07a1

SHA1
08712f0b7c487d0bc41183f1ee1f0ddce07a07f6

SHA256
b2ecac8341f1c5f6c3b1cb13d451e106726eda7730c2e8348f477d3054158c72

SHA512
758fe5ac4633e3d847ce956ba24916b93eee5194c9897c3c5d0ae329e1efd8e5a110162103fd6c3c09bdf82e004f13b23f2a643ec751bed4d635a7a253891b73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
671f936fa2d10a57d0f1fe24a6fc480c

SHA1
fe3e0464540cd8d86bf2e37d93a9422fd2c6c8ee

SHA256
cb095966b40ffc4bc7428ff5465946215b80d2aa688ffa696cd424adc6224f3a

SHA512
d1d75e72e02c7bda653d48e77ec0080a4c37ddc9e4e14fe68d13ff872f3fd9e9a6a94efb7b42bd9b84940ff2b2bdf427e721ea6a23db04777d4cc038a947c641

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
848ed5fe5298c8085313508050bc2592

SHA1
224ab583b482dca3d81bb2d2e95679a53603e481

SHA256
77c84bb3b219e18091bfec5dbb61aba9d3afdfb24bd5b51535f97a40efbdc324

SHA512
eb83603890bf2e0498ad7738f83e8b39bcfd3310ab5bb6af987d646da744ad619ff099d8a0b23f269caafbe40737c1274cb2f7ce03cc3509e5fb7897d450b525

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
796d030f09930ac6acfa2a1f81ad38f4

SHA1
af7c2611c865dbf222987d481f75b03ca6fc7a2c

SHA256
d731377a9cbe53c68f301289012d92598474b35a57ffae6a0357a9c61f5dcc1c

SHA512
c1cae3f364ce1d91a7e2c5f55bf0dc247903da531448781e7e02ef822af9dba6ff08e7a36ff0376aa353e18b51418cda87a2ef4e8f32993844bfb50a76bc9fa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
82a9fbaf9a3738ab763881face4e6457

SHA1
4a2385491a9ed287352d0c232573f5d888c79ea2

SHA256
d5a3f52d3c6467763980c65b3bbc0517881a08ecf9d61ba02796a272ba96135a

SHA512
9c44f72d6519fa69a29438b820ccfae6ccaa1304b436604e37fa42b6d600fcda4607f694bcd85b7f809d6efc5d6a1963a2c67c75a3e4dea8e3368ba8af6863aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
bda9f0dfbc2e9dcaaa6249a93a0ff83e

SHA1
2bffcac9c9a4686e558903071be1691b2f5dc468

SHA256
a8d75ed36e44a28f17d9424f498cba36217a8c8a5500ca49b3129f6a51ae21e7

SHA512
303219c9364a67374af1781ce1018d3c081b9156509e083e4fd7129c39e7173a55e1f47d352c86d78d4a5a9b3df110768c0d747bfb7a5c2c01e999a284f6d500

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
4517a6051ecef0020322c53f3e3134e8

SHA1
f92981ec36fa04cd45ccf551ad8f666f00d90d94

SHA256
94458cbfdd695134a3ba2f4ad1094c7302513d5ab94dffa45d75574f88b55004

SHA512
3bb93279cc27b166ee25fddc40ee7dcba3586122ad5c1cce30652c7fb2d38f5ce589391fec74f1de8509e5a3264056f8332be55259c9e319321552284ea5dae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
886378bbc14462fed281f9a632d85744

SHA1
a5e8907a0455f777ce4e82074b536ee9873306b9

SHA256
29df2b18826cbfec34fa15344171775aeb4290395ec8dad9430d033f53219a83

SHA512
d72c8547e3f14096ae5a2197351c04621893ff0d2da39d92a21c05a27603edb82a9e0e53f397015c488c4fede4d6d796b6e31bd142671be99d2bfe47d01a20fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
b282baf5379cd71afc24a67d177c6adb

SHA1
b569bf90a9d7c9ebb9cda902c9d71303d96a5506

SHA256
090a69d7b5df3f4d967c23d50a736c12087244ca7c6f2acd5d9a186ffca03d1f

SHA512
7ae72c2c8e2d2a444ec0ac884035693e5617dbcaa415ecfc0afe9a0a3f6d17315036bf757ba9bad3421e497926a4fea12c8cf4de9fc54a5a79afe59072ccb64c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
b0c80275aa85dde776681935de2556bc

SHA1
31b2863dd0d91b85d121ee4fbb152ab01b892f90

SHA256
56aa9706bff5561af5e94a8d0da2398ca212a4da1949d4b576dcae21c7424bc5

SHA512
4671939b1b5598e14d72936d0747a337c72266f099068f8c30cf84cbbf33e47d585aa203e7e658ccf1d20b4f0051bbfd2651740d991678c9619b5f38c3129e81

Download Submit
C:\Users\Admin\Downloads\Client-built.4rQUD-QT.exe.part

Filesize
8KB

MD5
a89b6aa030905e78c35c0ae0eb10b850

SHA1
3f1b9d58870c95fc15a1962708c50ffd6f206677

SHA256
2897a0fab54afb4bb1d7b371a8527fcabe7822fb3f7aaa51a81cd632b1baf635

SHA512
a415d30d0e453cf5d5a96aeedc8425986f11dbca89c699fd06db77e3045020a8b67a5b8619b74177087d88ed2163ed6e02411423918e432f64cbc7b7bc46c4bc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 435362.crdownload

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
8b7621e5f2a0df6800250a2ddc35c86e

SHA1
a79d6517d8785490abd3b7cd5921975251395994

SHA256
b3ff63670fe419a60a0b1bddced6d6dcf3fef46071d603eae179715b8325b1f1

SHA512
f5d7c1c020dc337ea0aa31b606ef7cf3494e816e8a1d7d720da124b00343060bab6be31d0fb1cdbf199a35c673c77c1ec9daca9e05ea46ba601cbb64fa487c48

Download Submit
memory/1988-634-0x00000000097A0000-0x00000000098C2000-memory.dmp

Filesize
1.1MB

Download
memory/1988-541-0x0000000000ED0000-0x0000000000ED8000-memory.dmp

Filesize
32KB

Download
memory/1988-542-0x0000000005D90000-0x0000000006336000-memory.dmp

Filesize
5.6MB

Download
memory/1988-544-0x0000000005980000-0x000000000598A000-memory.dmp

Filesize
40KB

Download
memory/1988-543-0x00000000058C0000-0x0000000005952000-memory.dmp

Filesize
584KB

Download
memory/5272-667-0x000001617CEB0000-0x000001617CEC8000-memory.dmp

Filesize
96KB

Download
memory/5272-678-0x0000016118000000-0x0000016118528000-memory.dmp

Filesize
5.2MB

Download
memory/5272-668-0x000001617F520000-0x000001617F6E2000-memory.dmp

Filesize
1.8MB

Download
memory/5472-688-0x000002294D990000-0x000002294D9A8000-memory.dmp

Filesize
96KB

Download