hxxp://youtube[.]com

Analysis

max time kernel
1737s
max time network
1743s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2023, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
647	api.ipify.org
652	api.ipify.org

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c1187a67-3af5-4963-ad1b-d331e6e1f692.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230411172020.pma	setup.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6923D00F-D88C-11ED-8FFF-5603A1288413} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\7z2201-x64.msi:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5156	msedge.exe
5156	msedge.exe
1960	msedge.exe
1960	msedge.exe
4300	identity_helper.exe
4300	identity_helper.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
4656	iexplore.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4656	iexplore.exe
4656	iexplore.exe
4376	IEXPLORE.EXE
4376	IEXPLORE.EXE
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4376	4656	iexplore.exe	81
PID 4656 wrote to memory of 4376	4656	iexplore.exe	81
PID 4656 wrote to memory of 4376	4656	iexplore.exe	81
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 3304 wrote to memory of 968	3304	firefox.exe	89
PID 968 wrote to memory of 5028	968	firefox.exe	90
PID 968 wrote to memory of 5028	968	firefox.exe	90
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91
PID 968 wrote to memory of 4080	968	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://youtube.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4656 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.0.362269970\74788772" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49928bbe-24e0-4030-a70b-71976a366fcb} 968 "\\.\pipe\gecko-crash-server-pipe.968" 1916 2b2a2fefe58 gpu
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.1.566903000\939974623" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4a8e31-2a0c-46f9-bbee-14b4f601e6bd} 968 "\\.\pipe\gecko-crash-server-pipe.968" 2316 2b296070158 socket
    3⤵
    - Checks processor information in registry
    PID:4080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.2.217693124\1355670617" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2948 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bee4692b-d160-4e7f-ab74-7f204072b332} 968 "\\.\pipe\gecko-crash-server-pipe.968" 2844 2b2a2f65b58 tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.3.1183330772\1523011214" -childID 2 -isForBrowser -prefsHandle 2456 -prefMapHandle 3028 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04cbf351-b7fb-448c-9700-24d986af9b99} 968 "\\.\pipe\gecko-crash-server-pipe.968" 1284 2b296072858 tab
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.4.934045315\869744838" -childID 3 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {863b37e3-70c6-44e3-87bc-489fe05a5e35} 968 "\\.\pipe\gecko-crash-server-pipe.968" 3980 2b296061f58 tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.7.627858958\124708867" -childID 6 -isForBrowser -prefsHandle 5040 -prefMapHandle 4928 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac99f8d8-9ead-475f-ba1e-3380897ee563} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5148 2b2a94aed58 tab
    3⤵
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.6.884381622\1599571571" -childID 5 -isForBrowser -prefsHandle 4908 -prefMapHandle 4672 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a378104f-20c8-44b3-952b-86d67d28fc08} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4928 2b2a94ade58 tab
    3⤵
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.5.175472111\104131057" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4860 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {690657c1-7858-472b-ab9a-7ab097d110ad} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4896 2b2a8e8e258 tab
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.8.832010728\1346901266" -childID 7 -isForBrowser -prefsHandle 2916 -prefMapHandle 3684 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b188e86c-35ce-4f06-a3bb-5f51afca447f} 968 "\\.\pipe\gecko-crash-server-pipe.968" 2856 2b2a9f80758 tab
    3⤵
    PID:1116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.9.559545738\476443468" -childID 8 -isForBrowser -prefsHandle 5960 -prefMapHandle 5956 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc3fb36-7d8d-401c-81b6-ff3db03770d6} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5968 2b2ab4fc858 tab
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.10.1471125614\1230316529" -childID 9 -isForBrowser -prefsHandle 6076 -prefMapHandle 6080 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a050ab-2147-4a9c-97bf-bc60e7f446ae} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4772 2b2a578a058 tab
    3⤵
    PID:3884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.11.748050163\368621794" -childID 10 -isForBrowser -prefsHandle 5860 -prefMapHandle 6068 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16008629-18e0-44d9-9063-003b27394380} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5432 2b2ab0fe558 tab
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.13.2032776350\698741594" -childID 12 -isForBrowser -prefsHandle 5000 -prefMapHandle 5024 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab9367e7-09e5-473a-a49a-209a0d5a8af6} 968 "\\.\pipe\gecko-crash-server-pipe.968" 3600 2b2a7b10a58 tab
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.12.1834059443\2079836320" -childID 11 -isForBrowser -prefsHandle 5488 -prefMapHandle 6072 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fc341e2-df7f-4c8d-bb12-c8735258b5b6} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5096 2b2a7b10158 tab
    3⤵
    PID:2756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.14.836015842\688380047" -parentBuildID 20221007134813 -prefsHandle 9804 -prefMapHandle 9808 -prefsLen 27331 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0831b82-ae96-4353-8672-91c4f1f55763} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9788 2b2ac0c4a58 rdd
    3⤵
    PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.16.447183632\1315547863" -childID 14 -isForBrowser -prefsHandle 5228 -prefMapHandle 5744 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a14ffcc6-d374-4326-9c89-7581a3ac74e6} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5700 2b2a8e73b58 tab
    3⤵
    PID:1764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.15.1670647950\1531460893" -childID 13 -isForBrowser -prefsHandle 6096 -prefMapHandle 6052 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0043148-6281-4e41-9957-31913240a969} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5212 2b2a8e8ee58 tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.17.1553909665\422948294" -childID 15 -isForBrowser -prefsHandle 9312 -prefMapHandle 9304 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {427171c3-b1e3-4794-8cf8-76b7082a5337} 968 "\\.\pipe\gecko-crash-server-pipe.968" 10100 2b2a9f04758 tab
    3⤵
    PID:1504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.19.1098852131\880424808" -childID 17 -isForBrowser -prefsHandle 5700 -prefMapHandle 9900 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cf3f04c-b402-4bf1-a2dd-c8c78a074db3} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5228 2b2ab1f2d58 tab
    3⤵
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.18.1019099820\1054748952" -childID 16 -isForBrowser -prefsHandle 5368 -prefMapHandle 5344 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00ae6afa-76a5-4115-907e-f7d012fcbc43} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4456 2b2a7935958 tab
    3⤵
    PID:3768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.20.1476398817\1482921135" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8996 -prefMapHandle 8948 -prefsLen 27383 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7a0ddaa-2b33-4383-9fe8-e3c911b103f0} 968 "\\.\pipe\gecko-crash-server-pipe.968" 8924 2b2ab84dd58 utility
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.21.1202045560\2108167864" -childID 18 -isForBrowser -prefsHandle 8964 -prefMapHandle 9016 -prefsLen 27383 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cd3d573-8491-47d6-a3c1-0e3cf532d727} 968 "\\.\pipe\gecko-crash-server-pipe.968" 8972 2b2ab38f958 tab
    3⤵
    PID:5132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.22.903251648\158885652" -childID 19 -isForBrowser -prefsHandle 8368 -prefMapHandle 8388 -prefsLen 27812 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29f6a85c-a89c-4f4b-bef3-7c0b22d099e8} 968 "\\.\pipe\gecko-crash-server-pipe.968" 8336 2b296062e58 tab
    3⤵
    PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.23.1975032755\349427824" -childID 20 -isForBrowser -prefsHandle 9124 -prefMapHandle 9132 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b898dd28-67a4-43da-a93a-12eee557d0c1} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9588 2b2a7935958 tab
    3⤵
    PID:5696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.24.1802262335\1703484157" -childID 21 -isForBrowser -prefsHandle 8412 -prefMapHandle 9964 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d035b737-c297-4fb2-9814-50040e44757d} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5996 2b2ab96c958 tab
    3⤵
    PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.25.1027146178\204310524" -childID 22 -isForBrowser -prefsHandle 5364 -prefMapHandle 8412 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9efba9ff-d5a9-4011-b69c-16d5050b8dd4} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9356 2b2ab9a6a58 tab
    3⤵
    PID:5396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.26.1791907527\2115150755" -childID 23 -isForBrowser -prefsHandle 8620 -prefMapHandle 8592 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09223e92-97e4-4c4b-810a-151220618e8e} 968 "\\.\pipe\gecko-crash-server-pipe.968" 8588 2b296069358 tab
    3⤵
    PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.27.2096673463\2029682050" -childID 24 -isForBrowser -prefsHandle 9248 -prefMapHandle 9884 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36aa01b0-ae8d-4417-9d06-84972f23c273} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9856 2b2a797e658 tab
    3⤵
    PID:5360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.28.234019114\1838928158" -childID 25 -isForBrowser -prefsHandle 9256 -prefMapHandle 9272 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0fee649-f3df-4228-a3fc-a2637e8f7fd5} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9912 2b2ab935458 tab
    3⤵
    PID:5320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.29.110933221\424312602" -childID 26 -isForBrowser -prefsHandle 8660 -prefMapHandle 5136 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc966057-4170-4c7b-b47d-dc9d15e1dbfd} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4008 2b2ab694858 tab
    3⤵
    PID:2872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.30.504869823\193853191" -childID 27 -isForBrowser -prefsHandle 1292 -prefMapHandle 8384 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0e24f6d-f501-49f5-a771-0e4ad4b29299} 968 "\\.\pipe\gecko-crash-server-pipe.968" 8396 2b2aba8cf58 tab
    3⤵
    PID:5268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.31.550234335\1050493254" -childID 28 -isForBrowser -prefsHandle 5148 -prefMapHandle 8288 -prefsLen 28083 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de2ee53e-b8ab-4d63-b83d-b6a61c1effd3} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5356 2b2a7b10458 tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.32.1121535001\609655045" -childID 29 -isForBrowser -prefsHandle 8020 -prefMapHandle 8404 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {194b80e6-aa3b-424b-9b4e-49cd7f43372c} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5340 2b2ab692158 tab
    3⤵
    PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.33.1281142589\116665593" -childID 30 -isForBrowser -prefsHandle 9244 -prefMapHandle 5496 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef91146b-053e-4d73-812f-13890b6ef264} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9532 2b2ab0fc758 tab
    3⤵
    PID:1360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.34.1244552031\1537704060" -childID 31 -isForBrowser -prefsHandle 6188 -prefMapHandle 5048 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa377594-b7e4-47d7-b3a9-dac053266239} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4456 2b2ab936358 tab
    3⤵
    PID:3044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.36.1665785313\1256625954" -childID 33 -isForBrowser -prefsHandle 5752 -prefMapHandle 5952 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff1f0b98-9f94-4d24-834d-52cc43fcc07f} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9628 2b2a797e058 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.35.500636549\650847972" -childID 32 -isForBrowser -prefsHandle 8044 -prefMapHandle 8208 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb50529e-cf97-41e6-b336-446f54d6ea96} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5332 2b29605f858 tab
    3⤵
    PID:3076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.37.1543202605\998756598" -childID 34 -isForBrowser -prefsHandle 10028 -prefMapHandle 8444 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aec4cb41-0862-4a01-b515-a8cbd47a9df3} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9448 2b2a94b0b58 tab
    3⤵
    PID:4300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.38.1198524753\1670531494" -childID 35 -isForBrowser -prefsHandle 5116 -prefMapHandle 2860 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa2b9ce3-e375-4dc1-8705-5ceaa54987af} 968 "\\.\pipe\gecko-crash-server-pipe.968" 6068 2b29602d258 tab
    3⤵
    PID:3600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.39.534356876\1764370573" -childID 36 -isForBrowser -prefsHandle 10008 -prefMapHandle 8704 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {526fe1ed-0ec2-4931-932f-f6fac2970852} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9384 2b2a9470e58 tab
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.40.1291751343\1184960967" -childID 37 -isForBrowser -prefsHandle 6200 -prefMapHandle 7956 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f19860fc-613f-42d0-a8a5-48e6e4168e92} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5816 2b2a797e058 tab
    3⤵
    PID:6012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.41.1394147936\67778929" -childID 38 -isForBrowser -prefsHandle 5420 -prefMapHandle 3744 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15932b83-14d7-4d83-8429-fc498523c8fb} 968 "\\.\pipe\gecko-crash-server-pipe.968" 7916 2b29602d258 tab
    3⤵
    PID:4032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.42.173511339\288938991" -childID 39 -isForBrowser -prefsHandle 7972 -prefMapHandle 8740 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae36e206-b997-44f9-962e-694cd0df1812} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9448 2b296067858 tab
    3⤵
    PID:852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.43.2030489965\1514323364" -childID 40 -isForBrowser -prefsHandle 9624 -prefMapHandle 8364 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {984fe224-f678-44c1-922b-09a77a03014b} 968 "\\.\pipe\gecko-crash-server-pipe.968" 8516 2b2ae3f9b58 tab
    3⤵
    PID:3372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.44.2087073207\2138570079" -childID 41 -isForBrowser -prefsHandle 9564 -prefMapHandle 4772 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec47de44-8b4f-46de-9437-f4dfa5aa625f} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5832 2b2a8560058 tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.45.519807148\1591022761" -childID 42 -isForBrowser -prefsHandle 5092 -prefMapHandle 10092 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3937b1d3-c75b-4f86-97c1-196e3e06a0d8} 968 "\\.\pipe\gecko-crash-server-pipe.968" 9832 2b29602d258 tab
    3⤵
    PID:5116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.46.1901582979\541131819" -childID 43 -isForBrowser -prefsHandle 1292 -prefMapHandle 8444 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {652db125-2457-489e-8aa4-96bab118b110} 968 "\\.\pipe\gecko-crash-server-pipe.968" 3732 2b2a7b11958 tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.47.1975168327\385325182" -childID 44 -isForBrowser -prefsHandle 8512 -prefMapHandle 7980 -prefsLen 28092 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3b0a7e-617b-48eb-878a-7ec18507f3fc} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5344 2b2aa691158 tab
    3⤵
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.48.1015144284\2144520017" -childID 45 -isForBrowser -prefsHandle 7904 -prefMapHandle 9104 -prefsLen 28132 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0600b55f-4ece-4c67-8ada-9eb9b7375387} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5208 2b296061658 tab
    3⤵
    PID:5612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.49.855664668\1628583018" -childID 46 -isForBrowser -prefsHandle 8412 -prefMapHandle 8648 -prefsLen 28132 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83e34e8c-b470-4d2f-9b74-0130616637db} 968 "\\.\pipe\gecko-crash-server-pipe.968" 1424 2b2a2f0fa58 tab
    3⤵
    PID:5872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.50.192569558\385422046" -childID 47 -isForBrowser -prefsHandle 8728 -prefMapHandle 5340 -prefsLen 28132 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b419c2b8-6982-4661-9074-01454aaecbbc} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5260 2b2a855e558 tab
    3⤵
    PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\JoinRevoke.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffb6a746f8,0x7fffb6a74708,0x7fffb6a74718
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x114,0x118,0xfc,0x110,0x100,0x7ff74aaa5460,0x7ff74aaa5470,0x7ff74aaa5480
    3⤵
    PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10077451651256773672,13525861322253850731,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x2c8
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
50c58c30fde7b3d197f3f2da1ab90b7b

SHA1
6e89052fe2a0069ce14eeeb3806507ab1c893c36

SHA256
da3f58a2ff96c711388b8aadc26a3bec84fde90a3aceb85ffe709477903c0c59

SHA512
ce58633b652924f30d2f1d5bbd0bf4cf99e62039b33b8faf5fdd41ded9212ff605540268785e24a00286a2da58c5dccbad6cc71f129464d5521d9487b205ba10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_4B05AB70063E9CF4CEFC3109F1DA8D9A

Filesize
471B

MD5
ea5a87360ecf887fb80338f777960ff1

SHA1
c510defa97da28762d90af73beb047c3894aab85

SHA256
582f2ef18af8750234aef845802446e85594dec5a3897b41048cdb04074f2531

SHA512
a69e7dde74d04ea7142804ed7b35d2b222a0551114eafab3379d600bdeb3fbe25d8ba33c5e8d99a4f0c1263480e4fb4261ef5a69028893507def5471ac26b62a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
76dcc760dadfd3e9f118181e884b3a4d

SHA1
6685f18a517fbd58b58ef4a7edad650f52c72275

SHA256
c58a5c500fc1be319997a0ec3eb4f432d1717b84ecc00fbc9c69bf1e6becc762

SHA512
4545bf528bb920e1506eb554618a79051d9e97ea690cedbc76583991f0982444eb0548d19502777ac83e15efdafedd9b71f5dd5d446f3e4cd782594269828ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
4109d79e2a3c304a991d359fe047b5e6

SHA1
b67ad73cc51cb294b8c6c94724a7feacc0ab6a20

SHA256
04f493ad7c91a64cb36eedfdd00e7deb27df9456f23324eb4f8f18840ae11c41

SHA512
864ff08cd92995f448025dde21e19ba8865a4537f49c81b102af34bbfbd7840b9a1132eb5fe2dbb635d0ff3de09bd7d7f18ff7269ae8cf650b8e1b7f71797684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_4B05AB70063E9CF4CEFC3109F1DA8D9A

Filesize
410B

MD5
6ba038738749c49cd02846a623c3168a

SHA1
7bc4f8698cde70e3a2bff617d69207301a9b79ca

SHA256
56800491ac518476bc0b3bc985ae2902f316ad55dccb441e498fe5d31c98e4f8

SHA512
3190007732b2e9baee30df92788c47862dfdf5633196e92209a1847b2468f4f45dfdcae2f36704a52f3b21f67ec0a5f0be2ec84c10342290267b5c2e45b4a236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
1024KB

MD5
d268e78606f1873bef19c1eb17c46ebf

SHA1
5af111d8a561de465fa1d26b8093337db4963efd

SHA256
6111b7edf83d04aab9ceaad8687e2fa97a3cd0ae9acb4c6001c5f075fd0997a5

SHA512
7f2c0cefc0fe0b06aac02a0b337f3d0f93ee55236404dce8eb87a51c309f1ad4207bfb2dc585f1bbc15217174d254055ca4208560a6c079ae518b65e4954049f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e514602474161b48dc9c7e9d8c5de4ab

SHA1
c0a749380495852443ed431e1177061b02524048

SHA256
9d6cd45236835cd4897e1b46398a0d77b42385c147ae06918565c503032aabb5

SHA512
665a8e498d0397e4e3ca281852c231ee811658c11a345d004a1b8834596dd884e1a3d7ccfcee7fa5ed56bebf7ada737f949c7010a953bfe11292cef0d9a9e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
c6573d541d1a88021f3bd0698b31e514

SHA1
6cca246d94f982804d004615a8deaef9379cf7b0

SHA256
c3040aecde7c48d48ce393e1912329b40557f5fc2dcf3889be8ffc819071827a

SHA512
088b76b7e2721021bfd78b1acd28effbea6cc0ec0bba31249f8651b689c9ca76f51667cb949714885b3f662fd1bd40b38dd8d1a4ed75d27c633ef7282422510b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
ca9210703ad44c60752567983120e0bd

SHA1
da628e3e35db45a348e6483aec689592423671ad

SHA256
7f57800159d5aafd15f748ed9554949abffed745a31273bf51bdb409bfbcfdf3

SHA512
8a94539ee3b7e44e4a64f0fe43f286c0da647fef87373295951a0b8d815798625ea824af6712c98b3925fbe79c344d1d22e188a094d4e21d9c2309fc6f19e3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8107a9c4f57f313df19f6a938e5a6920

SHA1
4a696c1dee41f340c610827fb9a10cab0f527bf4

SHA256
b104078f76cde19ea5f5cdb713ea147ec1474df9caf18df317c302c0058d3ebc

SHA512
2d6f22d2fd1ee9d18b91e899ab1cd6bb9c6d219c566aefba1d42d22b208dd4f6d33301c0aec2f205d8b9be73537159c6a4f577a6603f1b4f7379e39477933093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b6b016682b48a747ea752df185381fc8

SHA1
73cd3d7ea917cc9b2e056c0362d510909808b787

SHA256
a2ab6a93ab12cf4225f897fe92d7821ec86822488bdd78ca7d45b0e84891289e

SHA512
adda986e5427afdddfd77622e23b44f276b353e578fd4ea404c0f5a6a86591aa3db4801869bee6ffadadbb48bc3aada34910c8670e58271b7daacc8fb8eb4617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
b5064a9b902e1938ae79a6b82f2137de

SHA1
1db94ae893c1ce600800ce6e03aa73c13064ab32

SHA256
d6c23a4131e28c6bc5c0e35d6aa586760780e86ac1e632f8fb39058763830e04

SHA512
2a47a87e0c902dae7333c69ce6dd5b9979b2e5913b9296fe5ec6f1484e79962c1d6816f8277853cade881c516695641077aef770fd6843bd34548e61a71f0a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d08af2c8dbbf3118104c2698bdf0eeca

SHA1
004e09a1a066dfb338c7e5a4837b878ab6ca89c8

SHA256
3f6a17c186d228716df41c55d3c0253e1cc737296e009596a95c27a93506c8aa

SHA512
51ff9cc9971ed71dc364dd8b5a48ef82b2ab6307ae6382d7699eb428bc8205a67bb39a0baf411f53a002071fc2a52d9fb4c38457c5748d7b352e397aa59385d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6440fdd08b54c2052162adc24c28c6e5

SHA1
aefb45f4051f4a4abbcfcd15e17d4f773d029fc5

SHA256
0549cacb5b4025de646d228f02b735878faea1c88cf48d7d88246ef5f7ada57d

SHA512
68ed5aaf80e3b062311e7e1bf037f6571c8b92f7318c39a5e2394dd363abb40a50af5d79c5e58f6a7e51ac32415655359bc85c571f20cd3646269fc642335be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ad979198a01ba0be13058ac304e27c7

SHA1
8f58e94fd3211addab3b612eafdd7cd20b813de3

SHA256
013a6b6dbf8f2ef62d47966d54c7a6dea2d62cba3140dee02cf6c44eacbd48cf

SHA512
63ff0c5ed5b541d005a48669e1c5a0eb7fc4b31fcdd649759b97ca36e7890dd887a5e966169bf4046eedbe8b31cdf2000fa2f5882ef55ad02bc81ce7dcbecf2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
037214a5d67b089be0b247ad47603020

SHA1
187ecacb8e0fd3d464a30a5c0c76f9d41befbb50

SHA256
393b195cf9c120d9e3a5954a0f3ad25e32a5ecd45926a283d7fdf987adf623f7

SHA512
6be2c3fc59db4f9a6fd05bc7f0b9d4b1abedca5e7ad608ed3357d51d0d406a8140bec1bb59188cc4e41906cf1715b73ed9d1e7620eab44724428bfbd3f008b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4bd25a7b46c31b3bcc5b0354ef96f5d2

SHA1
4d098ab094df1616ec97d4f296990700f12846c7

SHA256
775eb8f5dc1f8906cde15cfb06d689cdc87b9d6aacf94f283a6dce86cd135cee

SHA512
749b2f7f29941b30c8d44a54b434686370917d1ebf1a63f43cc7d57ccf522130aad2d7f37b28fd0674fa6a89d9b60ce9c0c8f6e0f31254907573d57ac97b318b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
5c126af3f1428f6a94ac9d30cb80ee37

SHA1
e13755d4c6a475dc830f0259be87a0bb6a36e8d8

SHA256
090fe81bd1630a85fd117c2569e85008e36b5ba05ec80520181c232e28a97ddc

SHA512
27c581c8a8ff907d78159719510575c34d737bcc97f06763f5a313ea0b43ca53a9d684b10b514fbc206749afd95ed6b5e76d5fbf1cef1de63843f587e75be479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dece06c8ae57197b7c6b59970f5491aa

SHA1
e54f4bc70d489f406344bc3e2cf9d2fa7d43e72d

SHA256
252e75a1d1d307635527c3f3bb08448c2271b3d723faab16e42229881c93d557

SHA512
5fa6a65cf6a8ee6fceb72cec1b88e15e416ff08cb455fd4d2dba45a930ea03449ea2100d76146d573a37a4f60374ed33457a1711754d15f15139d431f466584c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1584808834ba8c988c481a68c573c647

SHA1
97e6caefc724e71543a2d1f06b81816b9b4a51a4

SHA256
7dd167fbc6084a6b94ec84abe5a84f917ddb11cfc9f64bb129878a07097ee50f

SHA512
c6f5a346b784a564bae2e3cdc364166a99609f8430368170facd38249f13027b2309e1efc9e1311c1f4c40ac27111faf58b1625e5ff895ef847f9104ab3e8f83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
152KB

MD5
3da502339e0b7053af15a30f11270eb7

SHA1
b0220151482f0e5bedc08f1c3112f3b10d25d535

SHA256
2dc49bd792459a916862f1014fb570960bbfba10bbf6f0faf442a69bc4ccda32

SHA512
3de59bdacd9fcec9249382d9823a8cd985f374b53a7e5d6c6985bad67492f06c46c482a3d6345520880538377ca417697cb83af99aef740cea381e61e28abc83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\10293

Filesize
8KB

MD5
eed863f35b940b03796d4e1cd9d5f6c6

SHA1
794d7f8c4abb9ed943f648c00c16511e32b679a4

SHA256
b1af2fc76fead923e8987868343f4d4d7d20a4cb427b283919f051e35055047e

SHA512
7ebf21ad4bdaf649c333fac3dac20f47f1b229b4d8ffcf07512a09d81dbaff1cbd0d5b238b7d63056b7d3738ff68e21f0398e31fdab99a5af8e3438993d7e3ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\11605

Filesize
10KB

MD5
e6cd59f5147f5731c97ee408c258a923

SHA1
39f5a412d3f710149e5c57c11382627f7ed4a314

SHA256
03bb6722875f9b1d3d9e2d4a8b4500306d0904b3bf68635e6f33ddfe31a4e734

SHA512
d32b6db8c9584aef82dbc054b5307c04e5685d74a6e72f9f869461f49e4b3a0ac452135fea2c1360fa5b4666424d971e83a9d8f50b6ac541753cc5589e643faa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\11814

Filesize
15KB

MD5
b87c4f0f6e4f53215f13a64a965d19e5

SHA1
11d73e1e9ee140ef3a0f6b3ee97e90c59ef6240b

SHA256
066bb27c519ead798c6bb65c4e85f4af617d2915864322c2afd59dd3cb29e501

SHA512
fdb3c6ea2c018f4121f79f9819cdf7ac5ab9c18539fbc539de4bcd9e4a687ab701f8393c223901c10b063acfba1202a3f98e5f7615e21978229a7f669a0a3e8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\12286

Filesize
16KB

MD5
9e44c77ea6039648e9623b42401d0c74

SHA1
c3b99add238b32a99bc65d429de67ed38e0f180e

SHA256
b45b26d7d902a5d8b63bcbcc2f93b3b1db3ae09b625f214598ce741eda8e985e

SHA512
1f59804c8ec70dad6cc4aa31c7eb38ea62df32e48e519c9c09436d1089f9d8179d088413e9067cbe866c69524624a6705fc970aede147b18c73f8e7e3d134b45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\12587

Filesize
8KB

MD5
94e37144580d630be53529e286de40be

SHA1
5fb21a38ce66a9bf23d31e94934c079ef0e9beba

SHA256
f3920ad41bbc5fcf168534c2eda912de1ef8b5b5fd5b2d6bbec0fba2f8aefbea

SHA512
98443b359396c5781d8f04082504777cf0ba1342f51968d6a42d9e592fc6d08d9e3f49c16686b4225e02d7ece730f4aa91bddfccd89a08d5128e959d3b355467

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\16430

Filesize
10KB

MD5
0c0c412b081b21a9e521a25388af9c4e

SHA1
f75edddbbf6907f36fd25faedf0d244bd7a4084d

SHA256
f8457c8e6904b00af93a4279e3bb7af15191ded405d39bdc7e71f62c06626bc9

SHA512
9f700239e33da76c8efe1746d8d9ceaf0b5c8f0984e929cd217101b3d674fa0d0faeacbac6a872e6c0c25aaa485cd98677178c2db91b2d462a16014c87392202

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\20171

Filesize
8KB

MD5
25a8402ebb77b90f761c135762e8f2fc

SHA1
57c81d49067d8da622ca99c895b22b5de8284e9f

SHA256
dcb5782f6ab09a7b8f26d4e88dea26abad65cb425841507bd96d2c3220d92a1d

SHA512
567be2506e0640d05ed6b919eae2c8309bcab32b6b7ee3a6f064fefe06648f6421c7b9c21f3874f5e309b0fa5e60d69bd16e4d45569c566969dd835ac51b216f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\21319

Filesize
15KB

MD5
e37e80e6bf5286c297db68f35ac4c358

SHA1
d6c440b7aebe2b96ee74047537b32eb8fd07842e

SHA256
73de93745763dca7963e578245a07fa92682394a5f0de82860545f9f9f647211

SHA512
dc18561e3bb86e5e361d9a7295e019305b445242ece47da3da5aa6e4e6f4ae0d803f90492efeda9c11b9d6b3b3f9e09b3c2c1226e74ed9b5b573790add13de48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\22849

Filesize
10KB

MD5
d341de1a7ed2e198bc9134ca3713125f

SHA1
d0650ce7f754d5c144df87043edfe4110b93b18d

SHA256
69fd5435ba324ee999d3d4d16c69542677fe3ce402b0dc8b640af9336bb70110

SHA512
7bbd782c56bff33befe0d3352f1a4715cd1e16283fc2ce9bfc7b49ed90d4c1644869927c17e22aaee9660d50a83f29ea232dc64d37606bb427f95c7442416361

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\2566

Filesize
8KB

MD5
1a7c6fb6a25cb89265f3188df096384e

SHA1
05c1f6fd9aa78eaad0baea0e1f803763d1de65cd

SHA256
83698760974a0ad0c579cdcb89f7a30e4427bb7c6220c59bf558c7c74efa4337

SHA512
b411c19baac8bcf4804169c3e52d0669d6831dec22552cb4dce773083fbdf799633aa584021ccfbefbc0f4d52d42ad06304131efd2f279f5633010471b92f752

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\25971

Filesize
8KB

MD5
553d83f9f5f04c1dbacdc58a6445ae95

SHA1
42bf91644ceaf1dde06713637e0a8926a78a6e75

SHA256
a078be8e78994e559b76c7e402c82c106c69632a9d7290a4d12df42e4333f2b2

SHA512
3f93b7b8b63b929d4cf3706567bb8ad814a480db70184e18070637ba10404bb5415768d6ff2a31634cb2b6433fc21670dca8386ee3c85ee396ef48eef0604a8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\26629

Filesize
22KB

MD5
77f6df7d5baaa09bb7e2336ac82aef06

SHA1
89516a1acfe0314ab77b745aaea33e27a3eecd10

SHA256
d40a99520b81b8e70dd262960936910191073afbc35494de1d79d8f47f498d00

SHA512
c59985c12e9681cf1d9d3adabd127e56e0bf9a12c2c41087fc82adbd8f6882e4aeb1859b95c96db1a0e85095464e5e4bf77cc48f24a1f901f1e1a806eb842960

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\31583

Filesize
11KB

MD5
8062ff9ba364b6f8d5267cd58f0764cb

SHA1
ce9b02280ad2d92508eaa572c90f0006ceb0e602

SHA256
cf803b346092f5c7c804401b40d9a4e0cb1eb95d0283f8ecccca34990a7d3109

SHA512
5fa7e3fc68c1069b8ebd6b916c6edab400b029ee18125be1247d9450e1722a2b4b0d8914b34460cc8b6add800e220cafb74bde46b101953bb7dc2c108ed2247c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\32013

Filesize
20KB

MD5
339f7ea78a119b3b546fe775a19d5281

SHA1
605acd89e1f2038295596a44b16cbdbfe6213377

SHA256
ffefbc1051a537552c47a91e6f5493f91f53552253b176a651b26342712bfe2b

SHA512
ca13ad990563aa7bf7351713195d6c2b97b0ce4a1477d31ed101b5b527b2732887d2501cb56a340fb6659759401fde54788ea3287c96de8c31e832758f46afa5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\3622

Filesize
7KB

MD5
dadb724d8f1592582ee48dd2a26fd1a8

SHA1
d5ebdadf6495b40be0d11beba1cf0b6d7a3a959b

SHA256
6e6731b13ca7359a8c8a8876c086938e8ce867af69fd4e5c82a13fc1442a7c5c

SHA512
2752cca3bb61d36b26a916fe4cdab9e9f32152f448616a8d4f8f56cc85278f3a8779119bd6b093e1c9f57bc6f36fb7e8d3a439d34aa856e6c71ad7b16835ffd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\566

Filesize
8KB

MD5
e55406d922932df58223fae085856a28

SHA1
6a851c3e43a658c82e023be31dbea38f1c79d0cc

SHA256
ae99132256e4d18da7dba05e71e46e281fad29eefd40a0873791dbdf3e274ff3

SHA512
38ae118309c6ab2b03e5c5c9de80e0bcb9380b0721cd723920f18ac20d33c652492e71448f3cd040cb0c16798f2cb8b991a384d6dc006f5c32be06e537263482

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\6267

Filesize
22KB

MD5
6dc33b0bfd5b54d122ccdf50aa40d56b

SHA1
460218f56ad5597d877cf7b93713eba344b88072

SHA256
4ea0f34dfa5fdc20108cae1d2dc9e0eed81218f5e8ed807387d0d2c9bdee0abd

SHA512
f3ea4549c5bb57f880efd8b572f9712873348377393b5a521c0d17ffd3bd81cc90a2efd949ee0f0697aef4e105c4132274c9449356c2e8486975dde85fa4ae74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\13C28CA9E4C6ED47E38AC2049C9730D5E7A7D521

Filesize
966KB

MD5
f4e648dc086854d44d677734566792b5

SHA1
ed17642cf2b9cd7d842724665baa79682f7a92ff

SHA256
bed41e8e97db4433f32e5a64e9ef5f7cbe084d6a37c629fb5d58eaed9a16d7a2

SHA512
3ee042481697163193388030af844bdfe1385484c7b1dd3d083ea033aaae770bbf78e957d99276facd38460714d05708e51992f85c707e37e78f102ca9c258bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\2B619FBF7A3AF7BA5BEE08D99288DFD872E8B3DB

Filesize
38KB

MD5
87ebfca1339861bcb3a8ffa93c6a789a

SHA1
9958a11cbe1976217944d4e4beed689042750a8e

SHA256
f5a4f6fa4d823ed2c1407cca7db90a15f640cd749dc7a0a6ad2e60725a498fb0

SHA512
865f06289fcd2a35750c51ffb83ee461b8c015c6a5ba88d67d0bb795078fbe20e3eba0a8b6bdb9b5c1dad0b66b711c0547907b269a6dbfacd98171aa31af8510

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\91CBA2B150B1552218DAFFED6138A0364F03D237

Filesize
47KB

MD5
c3b593f7c71b73b8d636ec062a95c36d

SHA1
4576ea58cd37f2ecefdbca91f071383709bb0d6b

SHA256
4d00b09d97420cfd9f1b84ac286c4932d4e26874e4dbb5608ed3f657ef675f86

SHA512
19201bb99a0118628adcff58d8315a8d908955423e1edbf267db2fdc17544ccd632f0215ccb4ede0982e08df2b52daaea6085b29a533e4c3d892de235626f218

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\AD51184B52202F4DAFB45A0A1A948145CD7585A3

Filesize
29KB

MD5
d6f58cd411a14500a1e1a1b8db98a62f

SHA1
9c4a3005accd2e0cb1bab50d263db61a26624876

SHA256
5dabc09cbb4da9c06a3cfd3c87622f13e8606642797a66fae5449e47e9691de1

SHA512
9f1696bf260d1586349e96034e9d3892b95554cadb96e6901aae5a09def75b10ff64f63949659881a8f10959807456f1a03fb12b35644cdb3d1ca8dff313df8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\E5BDA875718E825BF3E8607E7D4D3B40393FE680

Filesize
130KB

MD5
1ad4c0c8a272e58be8b705802bdbef8d

SHA1
669acf483c93a55a860f5c22c7679521294beb6a

SHA256
5fe763e5f70674ff95ed74a55855c062f27323a45537eec2e428e9fbc74177aa

SHA512
fc8bcdcf18c7ceba846c907aee217cfc08af16bb9ed10289e8aeacbad52064d8ec26be7b9e6f850bf3aab4b374c48b73ad8e7e0b0753dfc6f096886d56946ed8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\E9B0E9EE203FD6C7C1A97FE9F325C8FC32EA99E9

Filesize
53KB

MD5
6833c99ca6aacb45e7ccfa152dda4ed8

SHA1
05bc092910cb05bbd1e8f3be484ff9cc177f2e22

SHA256
88ca77bfc7027e5c18bfe39633de3e111ed9854f284ef0e38d3282bf42361cf3

SHA512
758428ab6780a25bc924a5757106db39f2aa6487f3cd1b5c858b44f651fb6bcfef20a6ed27fa3fad2f52af7f88a811f738dc232a422b6fac0f82f22181cbd876

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-8

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
419ee130dc08e3e956d734026e23ff79

SHA1
42310c43eff2e55570b26d427bc5533c85c2ab24

SHA256
4f57eb4824b8f02add2f099b2ea1e2237f22e96b17da0c9a17ec6158f5ad3d74

SHA512
9d0833daac555ceb05deea82d8ee8575b8bb6a426ec554e3f475299040f5cd69c23c78a9c3e8052019254860d49110a2c2fa91cd0f99c2402b42f7a0934142b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
aefeff94db6e3c70ec5aa88d264a2510

SHA1
e84e962036ec3a4902d015ee8dd31667b01d4596

SHA256
6e9d6e865d725f479a04a226bf1c8b9d2e56cc0d81c94398e8245999a9f8b4a6

SHA512
cd24f999b5ee40fe64235aa954da90483748ecf6cbd05cdfc27e1fd60c01b1b65962a5864c90f850add19475b5c7d1a7f0fe4f9c5cd89bba97be975c7a972462

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1788f9624a34a2bfc162b381eb9d4fc1

SHA1
adfbaafc1c6a18b55d9310d68d471621312570d3

SHA256
5da814225c0869803b0b91ea2ba5151d02b89f7479e9fdd82b4bb13a2d0bbbef

SHA512
320a35ffcbfbfbc5deed2e5713a4505be803a02131fb9b6efe9d6a8c0eb6962797444c5d52452589c5de8cda451ef2b85b4d7888a03e7f2091c407b8584469ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c2374f44528aab53380d8e1020967d0f

SHA1
386166dfbdcf441a85f7b2e893510e844260edde

SHA256
cedcfa9138e366bf4edfa873a6cb76d6421da292c7e34e49de951d29d8a46d53

SHA512
3da825cee5ba33450e4d2fbd87c1fe91c846d3854ea8f930dc7a5bd705a3a8fc46557a10bc973aab7791431bb8dfb930777ff5ff5de09b17f492066f5bf3e92e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
ea474d2dfbbd28e5345309dc5ce5599f

SHA1
54cfbb4b8a695aba5ba78f111ef2879330c05eb8

SHA256
0004a107eec2456164763c58842dbbbfb7c2c84689c79c945a408a47ce62e3b5

SHA512
1924f9db27e012bd6807ead3114df11546541608b0f7a70aab1aa6e8f1aba2dd112d14e535ac03fec77b63fcbca7f19e9436c2176799d7618f8c2d6cd5492a60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
5082e3c22211ec35b747a29f5f31c36f

SHA1
530a339d1fba629551db379bbb879dc23976a350

SHA256
5c2a0c055f7207b46f4fa761f85b6c73402d041e80d1d53731c693b7472bd7aa

SHA512
583ae9da6516e425b0c0b498e3997e9d4fa070c7d5c396c8bc7cabf51478397e808c95ee65b9af0c2273b0670ba7219cdbc8087f5b6d659a42694bd0cd62f7d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
3dc38e3c339e23b3dff934c355a547c2

SHA1
79d846ef9acccdb8e14bf77e05378219831d2821

SHA256
aa680e7e29261caab20867189428045e5d11132d8d18424708639f70ff2ebcae

SHA512
7c98fe07ea80d2b77143d7bbcbe51f4aeb8006f362f63705690f44f10931608cdd157b541b465fbfa43d65a9556b84a18667657534c55cdae97d7b5e1a526d80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
7KB

MD5
ea6c0e56e377879892e529388a18c1f2

SHA1
60862832ae97a1b488bb442edadeb7b29dc846d9

SHA256
59dbe78f9c05d0b0a4eb9daa2fab5dc54834b3b1a41bcf2433565848d9a64c29

SHA512
54369e2ada9109387a123dcfa7aa75681b3b1c9bdf721eb3cc029371613d487426afa786c12281a6d4d6bbb3d2d58d5afd72d8d8fb90fafe2352290bd9199f10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
8KB

MD5
8bbea8fb7f4ffe979ef22f346b154ec5

SHA1
097f359f8c71937c8e9a013c06182f6be6d6c917

SHA256
e823380bb2b866c6a3c5c419760b2a4d657b178e938cc470df8ea588377cac02

SHA512
caa405514bcde5bf69037134b2d9d13e83e8643efcd31561b6e9a3ae7778150766020cc429a2bdf816c19dd6749eaaec49c7d576581d1afdc310dfc553c2d9c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
8KB

MD5
b2ae26b733c99ad3b6105157890fee1d

SHA1
011068bc84a035a66629391ebc3736be43730a9e

SHA256
37cf465e78b9640b3bc3d1e259fc2b8ae5a35ffb347e1da23082f375f5386ee3

SHA512
0d466d6a4ced36e68f148810a95c74bf56169a7a48143f0749faaf58e95f6606b3dc622a940531144c94a5c023c7b0ec9978dceb83de2631be37db59e7620c36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
7KB

MD5
02ac12709a563ac2744fff3a092281a9

SHA1
808549186292fbf488d1e3a2fde20dd1985ee665

SHA256
d5bfa7912ef1226533eecb7099d0d80950ce58a7a3b1e1c1c514be0916f00e8e

SHA512
e9282386c23877171546dfec8a2292ee4c79d33637bff177e25ab9dc4c82b4d5a11d7061e705b3dda816e28032f3e4279e894d466446e009273542f918b0b59e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
8KB

MD5
7f6083d33e4f4b99792a33f4bd6b9e29

SHA1
b2cc5c9ab1babe9667963f77448c391a31ba1c07

SHA256
5c7a4183669531341fd81e24870e80dd44a4c57337920a0ae61fc2ce0cff3e83

SHA512
0b0af5e77eba7abb98c908701008cdd6fecf7324afa410f1f3a94fc73edc6a319090ba650c4d7b0fe7f57848e3716bd6ed8e0fd5de48a867332ccd3ae75ddbf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

Filesize
6KB

MD5
f73e52d124620d05267ba934f3b312d3

SHA1
34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

SHA256
fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

SHA512
4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\serviceworker-1.txt

Filesize
2B

MD5
7c5aba41f53293b712fd86d08ed5b36e

SHA1
b6abd567fa79cbe0196d093a067271361dc6ca8b

SHA256
2e6d31a5983a91251bfae5aefa1c0a19d8ba3cf601d0e8a706b4cfa9661a6b8a

SHA512
67403e2e061fea6d54770f26bb22883c4586cbf3b37898d8b8e1b41f56a123b62a2f85bbfa891c6bebc1a0c9d0c5849acd5d79af364938ff80725dfbc69037c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\serviceworker.txt

Filesize
365B

MD5
e35d33c2d78ea2adc8275a16fdc0b403

SHA1
4397cdba4f843f36c61ca67ac3abaacd36822b67

SHA256
7441e6ec0e7337c7e637df0a3c07bc1c54b60fbc8e03c465f8899019b2aca1dd

SHA512
d7df498971fe249be8f519a1383fc95a0b4521f02951de986512160e18c95be6cc8b49e79d9a7ff4dec7cea600428ac26e7b6593a301d08cba433df485de79cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4b3563e68de40e9fa37de43eb21c8a96

SHA1
a1e2d8f58b01cb02751d1ec9e30daf7da49abea8

SHA256
c9a7454e3877bc8e2bde567393d692d31b25618ac7dc1fd93931d23f193b02fb

SHA512
d8771e0e79281bdef3beefe1383cd6b83bd04321657237054b64e036fecd860c38ce2628e71feccc2ecf0123acf96adf1b5050cc40ff1ebd9afb37aee1b0f027

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1163921e66d05ca9cc06580417a312ed

SHA1
e2ddc57c73821d33aea1d233b0cde39459a11cd3

SHA256
20f8e557e88b080bc4aff9a12c9cad0c5191076cf9c5511c9bfece167a9d4cf5

SHA512
fa931cb9252b80ad4dedd92326c722457ddd48d9070308fdb1387267b56a11bd96b03be3fd820948b715342c13740a53df00f4417fe47c710462d247f1ddade7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore.jsonlz4

Filesize
71KB

MD5
f1f6673f4d736b7e1b2884a489f62cfe

SHA1
9ab867eb142afbccb4ba1f2cf30634dac00202af

SHA256
333cc217547dd392de33006c71e7036d2022eeaa41db049d3e3d83cb78bd6cc3

SHA512
24b61d3f2eea2aa02978a8ade8eb1ed542c09a1193bd178d5b7ec55dfa833980b93b2841ec0d8ca2088aded69018ea06d3d2e9d4d0ba7cbdabfb7450b3c0c782

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++sameradar-1.online\ls\data.sqlite

Filesize
6KB

MD5
f4427803c279331203e9156a287e8587

SHA1
579cfa1a06c1338114fdc3fa2edf9813d3c7e83e

SHA256
f224beefd9e68ec075175259fad75bfec7b65f29abfc16373ed20b95ba72205e

SHA512
d9aa519df1cab6b97530c16eac0bbe9eef73a211d4ca85947b4df2c459f8222cf8f3cc0510000795542b42fa1d43548ae8077b6e52bbfa508d84947bfeeccd47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++thepiratebay.org\cache\morgue\146\{fb815549-97b0-41d7-808e-ac985333a692}.final

Filesize
19KB

MD5
7c77c4996d686f21b3a7be09d66b0bce

SHA1
1ce0795d5d2b3565b42c4aae7b32ea284e95ee37

SHA256
c26c2db23b99c347aa84cc19b8039665db1f2fef9994f4e04a87d5a84ec73bcc

SHA512
3900c90ef86a88cb851f94c389148aa685d22c08935508debd63ee89d6e500d89852602a56e4b007385fe52ada59cad6e44d393e5c34884d5e3f7047fa62a93b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++thepiratebay.org\cache\morgue\178\{ac078e15-3e8f-4176-8bbb-e026ddbcd2b2}.final

Filesize
59KB

MD5
a249b5f9f1b26641c11222bc42737ff8

SHA1
64bcf912e0ba0f4a0951eff039ed747cbf043ffe

SHA256
0e994f64a16f4d824b37e6771033bbd46efafb37d6a36dca289646e1ee47e86a

SHA512
1b7a51360c83ce09a7220ac9668e4c8a82205f8b35df809fb6be72499392dcc17fa9a9dec0ed8dd28e024304045fca9871f62142ee79b90a792f9e04b0a9ec4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++thepiratebay.org\cache\morgue\240\{a39350e2-fc6d-4be5-9be9-976f9cf86df0}.final

Filesize
19KB

MD5
09bb8785ca89f7ecb341aaa809c50ac1

SHA1
22ee064ea67cced11bd71cdec5d1946fe53d0ec8

SHA256
e2a18cd84188572a0524eb460f65c06f1bc22814e82a671116d2eb1bbb376155

SHA512
4816e0d69d0077a08feba2853a13462f359daad330d6c1edca998e7e2ac64bce22538e16d71cc3886e9a63c7c5d3c71c19ff96888d22dbd7929dbbf134ee1b02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++thepiratebay.org\idb\301792106ttes.sqlite

Filesize
48KB

MD5
7156d43dec76fdcdef22589bb7aa17ae

SHA1
e3f8e3cfd256e854a9b5a63b3fdc67561d91a1fe

SHA256
afe79d6c401f3f5e0c71c055cce5cf83a31b281342e8f8950c5546c32488e55a

SHA512
a0ae2d94d95fde8a17c65f148bdab990c34a2075491d12335496364f29bf3b1c20c458667f705b47ad2ceaaa21a26e5947012cbf872ee37c3531d69ac81fb2a5

Download Submit
C:\Users\Admin\Downloads\7z2201-x64.F73cyzWw.msi.part

Filesize
1.8MB

MD5
50515f156ae516461e28dd453230d448

SHA1
3209574e09ec235b2613570e6d7d8d5058a64971

SHA256
f4afba646166999d6090b5beddde546450262dc595dddeb62132da70f70d14ca

SHA512
14593ca96d416a2fbb6bbbf8adec51978e6c0fb513882d5442ab5876e28dd79be14ca9dd77acff2d3d329cb7733f7e969e784c57e1f414d00f3c7b9d581638e5

Download Submit