hxxps://sc[.]link/pNLpW

Analysis

max time kernel
960s
max time network
966s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/pNLpW

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2992 msedge.exe
2992 msedge.exe
4172 msedge.exe
4172 msedge.exe
4588 identity_helper.exe
4588 identity_helper.exe
6040 msedge.exe
6040 msedge.exe
6040 msedge.exe
6040 msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	firefox.exe

pid	process
2992	msedge.exe
2992	msedge.exe
4172	msedge.exe
4172	msedge.exe
4588	identity_helper.exe
4588	identity_helper.exe
6040	msedge.exe
6040	msedge.exe
6040	msedge.exe
6040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

Processes:

msedge.exe

pid	process
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXEfirefox.exe

description pid process

Token: 33 368 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 368 AUDIODG.EXE
Token: SeDebugPrivilege 5672 firefox.exe
Token: SeDebugPrivilege 5672 firefox.exe

description	pid	process
Token: 33	368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	368	AUDIODG.EXE
Token: SeDebugPrivilege	5672	firefox.exe
Token: SeDebugPrivilege	5672	firefox.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

firefox.exe

pid process

5672 firefox.exe
5672 firefox.exe
5672 firefox.exe
5672 firefox.exe
5672 firefox.exe
5672 firefox.exe
5672 firefox.exe

pid	process
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe
5672	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4172 wrote to memory of 4576	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 4576	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 904	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 2992	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 2992	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe
PID 4172 wrote to memory of 3744	4172	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/pNLpW
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb171146f8,0x7ffb17114708,0x7ffb17114718
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
2⤵
PID:904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5540 /prefetch:8
2⤵
PID:3244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
2⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
2⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
2⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
2⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
2⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:5252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4700 /prefetch:8
2⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
2⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5652 /prefetch:8
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
2⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5784 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
2⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3896 /prefetch:8
2⤵
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
2⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
2⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
2⤵
PID:5632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1332 /prefetch:8
2⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
2⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
2⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6512 /prefetch:8
2⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
2⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
2⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
2⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,6082449233401613217,14503026388229796461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.0.691959530\1905589595" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {540d23d4-e7bf-4f3a-a89d-6882bd09c7ac} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 1868 264e0822e58 gpu
3⤵
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.1.2038451156\818280562" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {809d5f34-d33e-4563-88a4-e2d62076cd87} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 2436 264d3b89c58 socket
3⤵
- Checks processor information in registry
PID:2512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.2.1032354351\1672577568" -childID 1 -isForBrowser -prefsHandle 1500 -prefMapHandle 2880 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced1b51d-bc3a-49dd-abc6-c12a0f22c87f} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 2984 264e3706e58 tab
3⤵
PID:5736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.3.523189476\12130900" -childID 2 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {488ee46e-37b5-40a4-8e50-a2df3f6195b6} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 3944 264e5960758 tab
3⤵
PID:984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.4.1444208917\1419371658" -childID 3 -isForBrowser -prefsHandle 5204 -prefMapHandle 5228 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91712b6c-0bae-4558-9e65-04b85dc23684} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 5280 264e7685b58 tab
3⤵
PID:1580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.5.747891067\384582965" -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd8f014e-fdaa-4d51-b3fb-92e6bfb5b8ab} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 5408 264e7c34758 tab
3⤵
PID:2708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.6.273368051\778063245" -childID 5 -isForBrowser -prefsHandle 5612 -prefMapHandle 5616 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d18ab521-d493-4f6a-92f2-209e2346db61} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 5600 264e7c35358 tab
3⤵
PID:3860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5672.7.1122900718\1357979761" -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 6008 -prefsLen 29059 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45053bf1-3f08-4c18-8f71-ce437e0948a3} 5672 "\\.\pipe\gecko-crash-server-pipe.5672" 2780 264e56bdb58 tab
3⤵
PID:2676

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52529cf0-c08e-4e6b-b29f-45b89142efde.tmp
Filesize
9KB

MD5
76ec7dbbca22a81d41ab4e7eb00d31e8

SHA1
ad1cfa080204823888c0d8ae545ff9ec96f0a37d

SHA256
8db52145f42a27f30e61cb718e5161270508f5ea1bf6212dc060b3c371f8d97a

SHA512
bbaffa7337cd02057aa32b681d19eecd47b408f790c10dccbc3b063186c4e69d0f36f75af9433904074d2a64853ab2669e1b750893af9de008244faf8049c7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
121KB

MD5
48b805d8fa321668db4ce8dfd96db5b9

SHA1
e0ded2606559c8100ef544c1f1c704e878a29b92

SHA256
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954

SHA512
95da761ca3f99f7808a0148cfa2416b8c03d90859bff65b396061ada5a4394fb50e2a4b82986caab07bc1fcd73980fe9b08e804b3ce897762a17d2e44935076d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
70KB

MD5
ec080122ae1c52b26dd5a8b316ccb509

SHA1
857e7fd84764f0102ac414aa5fd264d30dec1826

SHA256
629b4db51c51d1b8927103d83a79caa04caff9fd53caad5c1c1f3410345e06a0

SHA512
5d38767daebab4da8b73a43246995e706a10aaceca4ea8d7400c7b8f1f6074d66b314cbe5f8b1d0a12fa266a0a3dcf122b0ea0083b5eeffc4c5f328225016f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0589c1216115e8dc_0
Filesize
266B

MD5
56dcd95996015bc6085ecdd3b9087164

SHA1
dca8ae12310e403573251e4e7573813fc30467fd

SHA256
9112f3a2d0ae17f9498c5c6bf405301ed3d178824bad4c1eba7b601aebee3c5e

SHA512
bd7ad7abcd595b2ab45385a4c335d4299ee536652e6885bf4b266ba807953784a8ff628b80fdc21e644843662da50163b5195684f3144d196b9d229a5a31aa5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a64436c78ad9f0f_0
Filesize
3KB

MD5
5c6113332175389f9e60a0f9996e3efb

SHA1
56908f37004c6a679b6043aa84da034a9535c299

SHA256
a4bc829cfddc1c86d480874e60c324783ac6af208fe6328e4567fac0ad87c36f

SHA512
df41ffc68657f0a3a1f6e4bb278d05dc93676ba64b24a8aaeccbebd2966b82e92e34341defc3a27791108b0bffc3e0ba555cd9dd4b201280c442129d961c12d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e54fea6952fe141b_0
Filesize
10KB

MD5
8c35fe71325c49279bd914ea272836ba

SHA1
6ee7d2566e84260f02f02c18e7a6eb31e42578b5

SHA256
a037938e0ad7b22071ecde906bf3c8ff0adbe6155e429b1d018bf3743ff9711c

SHA512
3f3d04f599b2e503057afd9ea449e845d42d2c4a5ba02553fb3cc7361b2b330f64ab170b28168c1a3d4dc9a79e3cb149e376a68fc1133cd45e5a19431bb6b775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f36b89036a09617c_0
Filesize
158KB

MD5
9383a4005464119202b2d79864698cb4

SHA1
e4d3f6ecdaefa68126d878da8a9a4ea2a6d25ffe

SHA256
9ed262818729a7fd31d811510e0e3233a5db7a0246b3e8268e5c2133feca7324

SHA512
9105d7091b8bb1f9f6b7e2de353ba5c0ab9a6d0d59eb211179752e11d0c11edac275637853993e90fd4a60417238c8cae11c5be0097e88f7bcb6a1cd1d9e65ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
ae104095ba86df8c105dc0d05fea9a45

SHA1
cd8a845da768723cae3d079f61a120b569ea257b

SHA256
5965f50727f2772eb28f6de691a154e8deefe14b6665e74e8eba238985f16c1a

SHA512
39dc503039f673fa3cf243f01ede02032c1b33bf9b4a0feeb8a3eab119ef51959779a82bcccddb03c73e6a681414cf5c909f3e24a5fa77e0541ddc9e6b82a87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
121afc3ae0186ff5c5f78fa387114c83

SHA1
2ccd7590e88588a935632f6f39ac9f56c4365ecd

SHA256
963f4de959a36bafe091480ded8e0f47dee4e686c5b6ae6ac43f35f9c008c783

SHA512
492aabfad959f4d2faaccd65ffc3c0b326c970d40e0ce47a0acd7cd513169040bb4abc2374ff7ccdd13432bea14ed51df9e868752729ab6701c77afdc5b1760a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
02de80ec50821a76d4e090ceca03151a

SHA1
959a2c38d52dac9ea9d8bf4747f0715a469ab269

SHA256
f1bc39e0525f3a4f40d85aeecca44985e7937e5b18c19a48e747ffeb0d1878d5

SHA512
8f26e4ab8562e248f7cc4190543b9a6290b0bed319d0e6b17d32f9fea005d7b205ec0c466a823349e32a22049b4dada0fbdc00ac56c91a75f22c65592dd2f63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
d8a05a7b7e2f5cc68ec790b6ad80a133

SHA1
dc904e2084812e7060be7475e04dcef3f733f7ae

SHA256
47dc811a4cb558e544f90281ebe64ed665aa08a293c5a43eb1a1c35046219cd4

SHA512
bfa1a4a36f83a6a756687063ea4ecf7ab4e52bb562e08737e238aa7072abd7b9eec011760da66c2dfda82b6f0c2884205421cdabd6e9562b2da6eff99b6c6008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
a37d8729b0a9b0a3bdbd5dfd987d9518

SHA1
7868085a2c9d4c918c4de29fe18b492c6f22787e

SHA256
6ca693e9bd8d3ce66ed5caa0eecafa0a0538d2c2f7e6d4452e7d1838172e1281

SHA512
f7cf6d3527caf17c10dfe6bb01579ce1be10b00ac45df87a5e42abb39dfeaead59d805fd2c4c71fa982d3ef0ed2e98b0768faa221f1d7c27598b8488e2e78bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
7ca1f93140e6a1166b3777ba1f622a18

SHA1
718cc8c4f8d419860cd43fe6c7d653ac48d5acdf

SHA256
d9e1bb57933a2ded87676f4c8426a9b5ba28283a7cd1c06ef9fce8b3e12fc9ab

SHA512
d62658c5717a9c75be5491282497ced8c726f1900690d9fc404f42b148d120782e43c7ddacaaad606190397af01f9c6be7f6a65924001f30791857aa06e31b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
ad75d81ca0f2343f565a20102a140009

SHA1
eba77592136bf38398653e7178bb1bf0e09de9d1

SHA256
3aae17ee408387431a71648d4d2fd7aa27de1f9c1191274049bb0b81d7856567

SHA512
6959227b444051715de538a1360680b9100a76d23fb0af083b983eac24b5f9b8d20bc52d5dc6ab1ba39175c2bee641df269aab1edb61131c99ff358a493372fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
95061f3becb3f281e70bfa5b5680e59b

SHA1
ccf6230a55f10720489205ae4854f39926e0f0d7

SHA256
83b33337102368ddfff138b9b8dc2d2967c0ad62a5426c52556a4ce06d350119

SHA512
6c965719b5471215f7b7207d1332c89aaf32ac1b1e6eb6b56a60e62ba75cdfe1ede7143826e27427f7c49c3977fbe03df1721dabbe070544f3ef0fd25ff34217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
47c39ee20735c54ba7cee13cceb10a39

SHA1
85c19f5b3b6f0e325e0d8506df9794747e5a5932

SHA256
43d5cc0951a1903ac65cea0c27a8e5fe07cd994ce5a617f305b1e4a4f3730aa0

SHA512
e8d7f1a028ef399c8abf47984f164e5f0222183a782486d83da5c8d08a3687ca873166469b861187f5bded85816337d4449e96c2e1abfccffd03a03c58816114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
316d04beba912ab6388dcb9f648f5a51

SHA1
5a2e0a847c8aeac15dae19c44966473efa134a48

SHA256
01986c066aecb84357a8d7c0d570842ecc51bd4ed3bccefed7d0ddbd89e83697

SHA512
e88b059b0e47c4ef5dc0ca1761a1684ba5e56507d9a999dd856ba015b5dcb50c1de820adb1cdd6c9fcae50e35bb4bdb66326bd1e3e76066c6fd746da60d4a209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
0920bdc1e6af87c51c8f9f2f269f5ae1

SHA1
5a82168361a9ce8cc1959a88d36fb84dc1143c80

SHA256
5a23d7ddce38d9f9bf550a6178f7afa43610a91381eb088aca492e45e15b3d15

SHA512
e9223bf6e519afb6420608e11ce109fe7a0a6e0c342140bd704aca53661c7f8ab73dc6f92471b80b0648395ae63ed76dbe3cccbc5c2d78018a9c05c4da9ce70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f90d8b1411fd8f5a8a0b7cc1824e778b

SHA1
023ffe8047f3605612078a2d5790332283b850b5

SHA256
692aa2dc1640a6b9194e4413d5edc3263e2f4d89bf847f9c6c0eaa4e0f48164e

SHA512
be32ca818b75f21745e88553d495570363ebbfc0f043e747d63d3f88f93918d9a2e5aa9ff365a6c6f0465151860e0900d158432d0ca02e1fa374bc3423dbd59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
650b2e8d073b237605c185e5277f2385

SHA1
73e12b769835826698d3e15486060a1646c6a7ce

SHA256
6dfde45ee6effe61a1aa038bb1f505a280e2099daff3b620d302d578d22d527b

SHA512
121b5ad55a2d82da0a548b7413a5cc8bbd054d0d36dab0dca563989d1300fbfa28b7898879501f9c5acdd49a89a1507de68727c8bf5ebf77c497bc18ccb7776c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
59b751e1c93dab8337e6f72d734c294f

SHA1
4c22aeddc20fccb043f8f964514bce7c7f2cb1db

SHA256
b9c61dc902b2fb6e919326a90206843cf7220a9550d9ac6459d484e10bbc84f5

SHA512
64ade12724ddede3293603f5524e67b4c79514e9c04af420b967ce808314abb606054a977f014af5b8677617c6c1a0a39a91a1e4af32593eb8e8b3b4650a7141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
80892bdb748d90899bef08ea92a3fc54

SHA1
6b1caddb03ea7558826fd7149e71eff5e1f08e9c

SHA256
405ac17a37a5171822fc754cf18a75bccf7b5a6e710ee52f625b9c9ee07f39b6

SHA512
c8cec2fbab11f85be7ce346ddba11fefaaecfcb335ee3a582be27f9f8c2c7190456d15c9b3158d9e9aedd4be6228bd079b9fef3102ad8bacc71ded45586e0ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
4bfec6c3ff122a0de3b0886d2c94ac61

SHA1
42ac07508d4b307f415006e0061dc01789d3df47

SHA256
79e58b291e7dddd471ab82e8ba52889db13480c9e479b442fde9aafa57aa044b

SHA512
4f18b22d8224fabb0f083514ed8a8295af250dd2ed2f4146ec29ba87408e0b1486608b9cbee5ee467fbaef2d292869a313553725dc14456b62cb40c86781283e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
1ead13aa4a026f0507c702441c1de964

SHA1
5f46c1e11d81aedc05e6ba7fbf62351fdbb9fb6f

SHA256
98ec0fc6bf3b024e1ecd70770a73cd45062f0dc426e15a47e70d5e4e09ae9342

SHA512
0d1d23e9535e4898c5c78faa400ca225936ed8963d8efefaf4e4587c0876f9122669641f8adecfb229ca82cfb1db1ea3beae503b9231c7307242ccdca985c1bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
35b3b0b5838b86d798f1e41e181b5897

SHA1
8207574eea0259ed616f467b4d1aef8983e29608

SHA256
99381cefb4e79306148ecce70de5801b1c5380bcdc21bc8fdb794a022905e95d

SHA512
acea151ee12039246b99359260ea54abc8b9d23fbe86953ee4f1171bb38305b5931bb116868abfde26138a4ddd660a9f942bc67ff44e3ced5a87f9b7d520d292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
92083a59a4d5d86e96bec9aea23aecfa

SHA1
a31de11e67a27d22d5dda92d25a7b312b6cc9fcb

SHA256
3eb167e187b4e69a5a79fac0f8bb4015d5b00839cdd3279cf5737eb52bb34e1e

SHA512
1585f6ad89adb134efce08d7bed9802d85e06fa09c0d5c835af96b79399acabc92a1d60de824a02c9b7f96a44333cc6258a318473779a32eac18116156253e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3e78ba8866054425c82e7fa11b67d708

SHA1
856e253798178d5948023c842c8bd7fa01fc190c

SHA256
47d7483f027bb25b1f24357d4f6266801ca1141c4dbfe5d6f1ccae0d00ea97fb

SHA512
75ecccbd4935fd1e354fb881926baac6f84628710882eff879f14a57474a67e28d61df9c13bade2a519ad17f31558ec0142fe2b4aadfa0309d8985a96e38c1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
203d47cd790c5a9a956ce8437db13e2e

SHA1
2bb19d535361b84dcb4d9091dca564ad1aaf5ff1

SHA256
9a6eb9370315eea1b76ed19d3361617d75d29027db278fe25bc3cd87ca9366ed

SHA512
3dd799a17788562e37f202e8aef848f2e07614291ab8766e1819dc5fff0626a58310e9ab849db7b90b4cb2d23fd6154d43876144483868e8bbad7df521e2785f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
73e3ad4bf48bfd03b752ffa9a46fd8dc

SHA1
6f5c4b3cfd400f8e0387ccc193a332dcfa5ff296

SHA256
fff1d4ba76dbdfbc8d99299808a3a1ea4b7f5b0a06e1caf43ce51726f522cf1d

SHA512
60e021ccb40d3c18a7811128d63d4b8a2ae2ca51449c36c1a77a0afeddf81d5f8fd7b72e4b0f0faa56a3660da3a57719c9e875e6c197360f53ec3bf957e3c58b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e2cd363a5cb8f2f3ca4d81f85aef14e9

SHA1
95bbd7a020a253f2377a509bd17bd218ccc5dd98

SHA256
5d22f7360117cddeb16050d98a20cf2389c9c6d2b9818f5d7a8b7bfd56b0046e

SHA512
e37daa56d2f227ffa9d1df79215540571ccfcf0538b0a1411424d462ed93cb14b777c312f1e62a01c0ae0eac65642dd9b1072145488910bd94ef6ffa493a7dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
82eff7955f6d65537575840bd0518667

SHA1
4267f3fa04041e1d25901657ec0bebd340250dcf

SHA256
725bfcae9d98a68ad06c3c5b7c0a846baf3d150576e9ca373dc44bd3bc6b7f34

SHA512
e1ed3d0fca2e7a4b7c703dd85b27ed7b6f2086d18152f2bd28c9ecbc29e7f36fdd97c901ee70403de051927e4e71440c7a7bec425cf3dde52cf94dc7dcb7d519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c61fd.TMP
Filesize
871B

MD5
498b66f3f4a63f17706c27ffe501c369

SHA1
ff7016704701d70b6fd54326af49954d80e9643e

SHA256
7b382928581dafea2dffc64655586456d2ae8752caa3daa8c12bb8c9e8df8fd5

SHA512
895fe22dc67e31998441b9fe239860411725d7b62187a0b0891d3a46b6df988b813621ce440a61e09469ca68454d7439a059bb7ac9352d178444dbc957e0ebb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
66354f3b1d313ef7b11ccf178863d000

SHA1
0459897da9f1044a5078da02c6199e135e1ec13b

SHA256
b871a0730c6d0fa5f27c7f4fb7c80a217ef406aa3ed295e065a67f16dc71defc

SHA512
190ab75831ff72c6ece9bc0f4ec0c5ae48a6b85cbffe8e3aaf4eb7c5607af21acd1e9ffe07080c2f29dcc25274e08daa360b5496f45e2a211f45fc02ef0f25d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
09caadb072a09fe5793c0a94b11d8ffc

SHA1
59418e870480875b82ac06387ebccca0aff72da2

SHA256
3f8ec6c33872db7ab9659dffc1fcc8e63a71768e95ec2b9539adf69b59d1b057

SHA512
5f10c0bf68cb6925b76e5b88d024176a8b2b3890983079fc24edd6e2a11ee3e6a305827b1f648df86c1f0a36db014f363780a35bbde39a3860a424b72276ffb7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
Filesize
23KB

MD5
5e590478d901c3cf348c1d3f8b9837b3

SHA1
ff48d695296d908e4694173d261577096abd4fcb

SHA256
88543f98e32ad4696ab2e7933ed5f8c22743533b2112d73562616c2d943d676c

SHA512
dd3976a409456c89fd6e2f0c7f10b31194c3b126a46aded85ecae004f30410f9a0b319cf0759e1292e2be1c00a8e2d95c2d046952f4a9e2a8fcf8d278abaf7bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\7323350D2761F6D3E1533FA1457FFF5A5BF1774C
Filesize
52KB

MD5
1afeb33c90741db7989cc902b1cc95cd

SHA1
5ee1ef1b5ea909eaae62874fdabfedbeef99122f

SHA256
b07a00664c44def809fc97f5c38d254a2f6acf2cd40794c240b1c6a0737119fd

SHA512
7ebde12260e0bd1db6d59f969f296faaba1485fa4bfd49be1e6709d3399b5ba2f7a0ea1d478521362ba10f6f38a2ddfd33ba57c253c6cb724e663f9b7c4a6ca5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\7A0838F7EB204E29A369136E09111ABF2414BEB0
Filesize
13KB

MD5
8ca089a5e273d8e15b7b1342876f51b1

SHA1
5ba0da78a2a3a15b70a4c47cf42e62b8d620bf36

SHA256
a83902f36456e320cc36c6cc6c8ace824051b7a85790b56c7f3e693071e7f29e

SHA512
cd460297fe51821caf312ac5c361ace24a3ab62fcc75e57f9d46ae5e6e06916558935a32aa33c924b67b446c236385916e1b466a707c71c5b8303bfb3cb987a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\C1CC489F2F09E2F6CCED7FA57FBA96D3F6E7BEA4
Filesize
128KB

MD5
b8ebc67d14b4c0f8de9cc353dbdd5d78

SHA1
298bf9c5737b835eb81d4500446bac406685bbee

SHA256
8bae73afb7bf1ec4bb94ac413f35acfccd0ddf356c76a5b2ec7f9a2751c0cd20

SHA512
ceeae8671352288bf9c21bbe9c856f781a01a8bc56046a3826f6449a879eb44363d9c9d3739d8561afb3c9f83540e3bdd2838226dd96cf9707257d2910bc792c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\DDFF2EE2706DC7EBCD1C39FA766772EFF80C1EAC
Filesize
129KB

MD5
5fbd6be89446be797140aa09984bc924

SHA1
89e68b139e176939a4eeae893853e6e1d33f033a

SHA256
576cf3cc9d5d195264d80557bf25485cc7d92824fbf8343a76031eca2fe43b12

SHA512
f01deeb93472607b15739ea0846f796d5d77a58cce8ebe91127a7cfe6daea15914538aa978c7b8e96f94ed93c15772d6b0a881b9aa219576958eaef6f8cefe42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
12KB

MD5
719a81eed887fa8da66480669601ec2c

SHA1
4e450a0fa9bc939f1de35ff487305f43237c971f

SHA256
0fbc61b28cbae8b7ecf46d360efa0c5cc1dde8725add97094312fe284a5809fc

SHA512
a6bc93716fb3f5aabc02f8a26822e5d6a1e9634f0ef4d564d85b4465752a74d2bf0d07df34f9b6640dd87635ed68ecb8142b2051a0d8afa0f4614e447e6bbafc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
8KB

MD5
c3d26bfa187656a652581c62f5746098

SHA1
eba2fbf8e4dbb21a95482feaab2ec9adcc39a7a0

SHA256
caed7450495a5ee981ae8482b33ad1b378667ec0ef32bc363158607249a14515

SHA512
da2cb16304a7a9037d5e8221571d9d181023e4fcb2bd014a7e69bbcb5db8c96f4680264ff00671213248172ed0807bc590cacb6978f9acc9606bde47d01e697b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
7KB

MD5
da4881f51f467819b5ce4235ce8fdd26

SHA1
a2e91cf951e931fd06f1f2e26c5cb79b64b4c47d

SHA256
1468393e2ee187a33f9f600dc9bfd45a3d95fe96f3bf39006afe0633aa09b9bc

SHA512
fe866b10ae8215a97d483de2dd8e0357ebdc541c169f916cd4a54a66e9e18145a52cf96443cfa0078861904d888c1ebdf0a369b772ab812580b695fea6db1a8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
6KB

MD5
9e614fb04bf5e8178f51205338b32160

SHA1
fddf7f88db8f83361a2d88ef4c9c68b9da7276ed

SHA256
033c97524f2d14c93e2aae57994b55981058b143c02aea051382d10f8ac32266

SHA512
03bc11f4bb5c222e7d6a4d886ab280c1f800ce2f14e5d172de0d8ec697984a3182b017ebc5377c080b8f3f5407848ed089b005e50c7e3aeaf3f5f25c563a0d2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
6KB

MD5
373a4803c1da68109e9466b239b5d494

SHA1
23a65a822abae529d7cc4ac524ac2ac2fadaedcf

SHA256
e3b3c455e29c69e86631a92fef0dcdda3f96cba1d47532a8334cc0dc0f1dcd21

SHA512
730a6c524e45daa4c87c88c6ae5d6f92765a7e4625f41e12e1b8dffaf0895a4914999777a864d55f273a983ccd6f12f904dd095267cac13a3977a3977b9de566

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
5043d0aa2074d14cac9bc1caf003507b

SHA1
c171ec480ced3302207edff2af0a34f5b53f68e8

SHA256
f9b7359630b2fff07d8e4c830638f89965fd6714e6a4c327f27a1c5bfc79eaee

SHA512
6ec67e9f7ae593500e6eb5e772386cd22a26ae5cd7bb3308eb65e8865286a8e6273e0fd2505fa87cf072bcee0a98acf73b0e66cbf6b0b73be036c136085edfa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
a03f320164a18ee934b3a85207d26d47

SHA1
55a5bdeacd1578992cc8e03c01ff37977ec77ab9

SHA256
40fbfe705cd3368bc2247bd37a198761974209fc0876e15d50d1c6a96b985029

SHA512
53302331f783f7fb15649920cf1482b00ee288e80e601daf6d2d2ee540f1ba4a43794c56b56cb8e9b9a0ac3e68af6ca27c3a38b14ebb321d1e5d1647b53ea5c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
42KB

MD5
edf1eeafe9b240d706b58a0369581b97

SHA1
b17e6d2919e74b3450a9f76703081903ab712a21

SHA256
261776bd3817b03df158923f6bc099332bd90c7246e922989a792f7229e0bd90

SHA512
97783fe75f68aa56eb00e8450a60c4cb2c1d6a8b0e44fc156ffa7321b57f8e38506e7081292f4e26d0915b6a38fe31eefd66b09aa4f931cbc123723f0bf3e675

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
564dd8347b8c63c238f2cfa97e6db8b4

SHA1
a1963bb9e4dbbd722e274e44ccec19076019ee35

SHA256
228903dce2c85abe5a7c7dc2f06ff8cf680531fa0f91e6bc4a2e09624c7173fb

SHA512
37e06e5af49e7e3126264228a220365fef7e252c5f9f7f6c0d0e751a3e034489cd6be2ce1404eae44fe4050648809d9af49581e88b280688e633a7f13bb7ad49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
43KB

MD5
f8cd32d9c73305913feb2088af0ab14a

SHA1
8b0d75f0a40006f5e0538b4d4c129be93aaaf1e8

SHA256
c2123129c38bba2bc4ad6a0a8bd427d352bf18c333e230b27f0ea5a1f394afd8

SHA512
b91f8f2ffb99aeb0b3a3b4c15dcc26387e0946a30f0891a43a3be820ffeaa64914cd19ca27bcb2809ef2e7c051bb41dcbb2fa80330fd087661e5261cd4433530

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
40KB

MD5
839070a7580a3bdd4dd662c98b72f97f

SHA1
9ea2e34ccc316f94c2bf90f200d1ce1da677e409

SHA256
68206982db0c9457c1c7cc08d66cab3a8ddfc54fb900b49dafa5565e77d54b42

SHA512
6ca480775f117c958c40a59e0a0716d7476ed40affc78497528d3d82baf374e06f61c1449a454002108aa6e47d58e13d0d4760c155c951f7ff89b4427f3e2a9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore.jsonlz4
Filesize
42KB

MD5
6243e51ea911f939f0bf8d4ab99143b6

SHA1
c7c32857a249a5772357943d62315eff373ec366

SHA256
59de0b33d72b62fee8080370d446b72397c0fa2d86391f4f857dbb5c27eeceac

SHA512
fb49e855d43e0c75b23df2d3d8e6046dd49dddc33cad78685e4c0de9d1152dcb438a712747a39acbe66a9e383571a10f623c4b3d1415c80e7012f99ade5652ce

Download Submit
\??\pipe\LOCAL\crashpad_4172_FTABKTWIQABQFTZD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit