hxxps://uploadhaven[.]com/download/b06eaecaef3757183f7e33fd19d51822

Resubmissions

21/10/2023, 16:27

231021-tyh2wafe5v 1

21/10/2023, 16:20

231021-ts6wraha66 1

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://uploadhaven.com/download/b06eaecaef3757183f7e33fd19d51822

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3777073499-70821052-905318652-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
2252	msedge.exe
2252	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe
Token: SeDebugPrivilege	2392	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2392	firefox.exe
2392	firefox.exe
2392	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 1788	2252	msedge.exe	76
PID 2252 wrote to memory of 1788	2252	msedge.exe	76
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3884	2252	msedge.exe	86
PID 2252 wrote to memory of 3944	2252	msedge.exe	87
PID 2252 wrote to memory of 3944	2252	msedge.exe	87
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88
PID 2252 wrote to memory of 1908	2252	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://uploadhaven.com/download/b06eaecaef3757183f7e33fd19d51822
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9bd7b46f8,0x7ff9bd7b4708,0x7ff9bd7b4718
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16687336881722405188,6200339847569754819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16687336881722405188,6200339847569754819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16687336881722405188,6200339847569754819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16687336881722405188,6200339847569754819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16687336881722405188,6200339847569754819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16687336881722405188,6200339847569754819,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3376 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.0.1017482439\49240640" -parentBuildID 20221007134813 -prefsHandle 1924 -prefMapHandle 1408 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df04810b-c8db-425a-974c-766d8a63aaee} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2000 1c4b72dd958 gpu
    3⤵
    PID:1812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.1.1462717007\1019726133" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de562b60-80b3-4c0f-86e7-7bd89091c8da} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2376 1c4b6a30558 socket
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.2.1685827314\1504544609" -childID 1 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9893430-0789-42b8-9585-2c58ee7dbe89} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3224 1c4bafc3e58 tab
    3⤵
    PID:2768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.3.1824650669\405681845" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3480 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a8ce110-f702-4736-90fa-7e6c5df08658} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3592 1c4b94d0e58 tab
    3⤵
    PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.4.1384034731\2057318517" -childID 3 -isForBrowser -prefsHandle 4688 -prefMapHandle 4684 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1308720d-7ada-42d1-9ab1-92616b6ac25c} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 4700 1c4bd241e58 tab
    3⤵
    PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.5.487158158\908959425" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 5012 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6b3062d-a2c9-4d05-8223-2440646de7d4} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 5028 1c4bd241558 tab
    3⤵
    PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.7.191446875\475867365" -childID 6 -isForBrowser -prefsHandle 5424 -prefMapHandle 5420 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ebd7d66-fb5c-449d-8620-c146cec66787} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 5340 1c4bd4b4558 tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.6.1374909242\1865634642" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12ec0bf5-fa99-499b-a4c1-2f504c0990ef} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 5144 1c4bd4b2458 tab
    3⤵
    PID:5364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.8.184612013\418680297" -childID 7 -isForBrowser -prefsHandle 3884 -prefMapHandle 3888 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13a2f80d-8b0e-4d74-a699-6b7dc7ad6d43} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2820 1c4be5f3358 tab
    3⤵
    PID:5772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.9.1967189798\1580250591" -childID 8 -isForBrowser -prefsHandle 5968 -prefMapHandle 5948 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {944882e7-1d5b-45f2-8e81-566c1d9464ae} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 4868 1c4becef858 tab
    3⤵
    PID:4160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0cf64697fc2784c9847420986e1640d9

SHA1
529a3599e6d0a45784825f82b0aaaf914eac613d

SHA256
98c2d1ecdee4883a243dc1160d6a613c15b980b28739b012392d50fa2d1033c5

SHA512
040600746da1fd99bd624e9748c00c9eed74b6c99b02b22a4e99f7b4d7bc28b53c88224ab16912b7cc58193725d4a2f0cdd7461145bd2a97aa3bad9cee03d96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6878c53a-9a74-46e4-ba76-f93a5228c934.tmp

Filesize
5KB

MD5
ab526c38018ec0921e10f3775d39a970

SHA1
bd67cb8b71a580907f5b8e55c236e0a483a1092e

SHA256
e33afbc221be0964eaf1d13fa552d8b33f82372bf043397422d0ab35c3989386

SHA512
39da546bbc6c2d9c89736edfd74c8922e58d192814c36d31b9a7a0507a0f99551558d4d47f0d07e8c557aba6e36da8aa5743cddeeed7405988839309e8826763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a44d7ba4f22adb41f7194a0e69c3e1e0

SHA1
a4e0dae5e74191f8d8eef3c8e903b0f321bbf01a

SHA256
08449edd9ad80b4f999601c8c6b466dc4ed0af6ba3c472e66f96fa4e89618560

SHA512
7b13ce92fdd089e70e8b6d5fcc3668d70b78e89ec789acc6169a6629de8aced951c5dd6e8a2916d816341994d828dea52bcd462ffabef3709790755f5816577c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b0418ddd0ee289d311f2942bfb4fe799

SHA1
20c0ff8cc9212834d9101f0cc171f36664ba3bbd

SHA256
40d82e583c5380d5931b5d0578721619dd3da87e49e4901e39ca16d890dbcf8b

SHA512
10210e013868fde0bee087d445ba3c93092b2694ee1e01b6804cc0573de8c0c25b6e98966f6e878656551d7147ba095069f15734260c10bda12857cf045c1cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54c08d5dc4ebfe5b8b834bfa3186994b

SHA1
408acc5335829f5698b45ce7ae9126bc5ee0e31d

SHA256
da1fb1f4eb32378617ce2510840f7e9f2fe5d9597c303f6d2d84329098b53f0a

SHA512
35701ecb884a36b9ec43604430ac24c1135fb8f1806ef5edcd8b6dae1c4128fc49ab96f842616d6ba894255e0aed0623f37f844606c9b4b27cbf5c84d2be3ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b44e32dcef93de880d98adaaca76c9a1

SHA1
c94276619c78788b1cf53a8d9a7ea9f707103f6c

SHA256
5392911d9c1dce87b8d9336f33a9fdbd7d97ac6f2fa8dee0833d043897520eba

SHA512
b426ff203a8f8ed065cfaebb9b6006b2613833d2369f413159babc737ab97a41a5432ecf3918ee02d1c73f0b6b296af21c9b900463e88c108efa6f71be5cd451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f35a0be8995cc98feed95b67c8457fa2

SHA1
c1d3dade38e54b303cc8a62cf5f486be9bf15be0

SHA256
d3b9788d364980bcbedb5bdd823ead098f151ee6355f1c14dd5719ccbf2126d9

SHA512
5711cdd2aa0252d2456bdfaa5953c512600dea31907d36fd869abec97f8540f0bfcf8a407602b627a23e3f5f1101e8bcf055233ad9ac1026e5df4c6591c45c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
072d5569f55ca932a2ab960aeba3a3a2

SHA1
f3a4290d6408c3a83769c86cd4094c8fc0a516dd

SHA256
c1047326f548935366210b5e4432465c0e902724e4e2e91ec8bd29e5c4c07cf8

SHA512
b0fac5340cf4fc3278e243023e1e61bad260197b80bfab2fb636cec1ec9658b89102fe7b72be739bb7e959490144b08345eaabeb3d038cb82465fcd281df9b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58655c.TMP

Filesize
371B

MD5
f5a7a8af1ce33723d37ed8ce4de1c7fe

SHA1
8bfc5488e52afa269c9bc736a17747441d537cb1

SHA256
684bc8508c25a83d12b3847b2869051a3e0a03ecb299024c49c1019474ddf7b2

SHA512
e007773b949b6d9f98bf2bf97b7102edce0d479a00ae34747b9cc7257e23dff977a218bf210e157ae5a30300a0c276cdf5785f26d65da128c17b7e2564637822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
62f9d54ee5d455f942a88ce4723901b1

SHA1
6651cfff531f803ba0a306ce91b35dce70d252da

SHA256
b60173206413d3061739273881b079090024fcb0bb5888f0d7a9fad37b64b1b4

SHA512
4aa7c0804180250a88c7d5243baff6b2b296b1fa7481a25b3b8da7f8bdca628af8126dc54cc7be838178af606abb13269993e3423c4b682ccfa6125f02748404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7cb551ec50b164d392df997a13c16a42

SHA1
ebc79d3520e0a6c8fd51a941ab241e8f37fa612a

SHA256
24ab7f0e440122f217c5666048688ab1cdf1d2832b3f2cd7fac8c2eb934f62f3

SHA512
e1b605f17762706cd52b784e20b93de4fdbbdbeeaf84710caf9afc5158f168041088d97c319f1176993b345a7ebab0b3048e82b3d621a9a7d01eb38e59a2e75b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
8b6cccd3a5c8065c6f6ab942638c5acb

SHA1
83ec8a2b88c47047a7d287d0a9adfe03e7ca0f78

SHA256
dfbd021aa78db92c78a8a88dbd7e05e4f7750935f288ba55c3e8a36f008f2fef

SHA512
161854f0c4f16321d15fdc3ba603f057dbe77bacc3aac5fb27f9d5f1e92ff23aa0258bb8a74377c9541cf4eddd1e0c93090abdb12ae62966f09a4cdb65cd5f2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\cache2\doomed\20960

Filesize
10KB

MD5
e8dee31214995bd4607308ec1ab04cea

SHA1
1400ba40c706fad6a871cb7a27b9617abecf402f

SHA256
226dc51b1dfb8e6f1e4781d3f7790678e15d67e9ea7a7921188abb1bc1e5f0fc

SHA512
c1a3253aa5db009dd646e092641fceca593302245526e1b8ed5c93c9213ad438b00fdfbcd70c7924f1098392b4f9bf4d22ce612ac188ebd781121ee0fece352b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0

Filesize
13KB

MD5
29c3f15c7fa45453e67ca7c535e65c54

SHA1
48f7f6d63d9e31f5be7603f332c2787f7d0a1591

SHA256
d15a2bb1a8cdc2d9ba736c9f06e62d13754ba928dbf08be43c93de5297e6d028

SHA512
b301f0a899b436049ca3953eacc9be5bfbfc3e6e00d8e97574ae52bec83cf059b98d99537ad8adaba64d44033a4f4392ef92b0d8dc6de62b385cb7930d7a8edb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\cache2\entries\49B2A39D985F5990AA3C4C3E0C08EDEA0E89202E

Filesize
193KB

MD5
526f1983ebdacbd509f6a1dbc67ec2a7

SHA1
b0aa5b6a446671a16c3615f8d711f63be0a1ec09

SHA256
943c8b88310586e7a9e71b1f67e165d50cd216d35c20577494b1f1f39466cf98

SHA512
50b1ff675724bb96a3eee96283afeaf3690a18b05282d973f49a13343cb7c272c90e4b38fb622861617df0800436e974f093b9707d64b40e3b1122e45b2a06d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\cache2\entries\51D52D298316CD3F9A90A40E946BB34EFA1BFB72

Filesize
13KB

MD5
3d92080442e040f926693f16e84b8afb

SHA1
cd3954e5d6da37613c3a9769057951fda2594377

SHA256
23148b111d4f501165309a7899850bc101d20e272f5e07ff49626353c3eebec8

SHA512
8c2e3781387a4f7c9f56e20bb86e6b958b875b9eecc9c6fca7adebcc0336d123f4527ea0c0897a5eba67f3d16820c5747b009ca5a0d871582f2d09f8b986e857

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\prefs-1.js

Filesize
8KB

MD5
b72c2a8953c3260ea43ad18f94893f56

SHA1
badde811c73ae83f936f7cd945cfac974a65307f

SHA256
b3eff48d1abebac26cf02137c6fd61a600a7d606ddf915181f6a882e9fa6fd23

SHA512
cb42be56e75bc0637c67abfc0523d4f737a23968c345f2c2b585bdf714fff1087549b7620228127bd011fade0c4976842d3bf42985e50a6f5a53e10901f2b2f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\prefs-1.js

Filesize
6KB

MD5
c95a9eb3fe3e733e327eb2463c8be611

SHA1
052d4d086b0aa03cc2b2df1e7fd6f99a83ceeae1

SHA256
46266530dd8171f7f14ed5e47abedffc1c87cdab7f301968c64ff849af4fe6dc

SHA512
fdf33a6e496b490b4c040b7b8caf60a8f4cb609bb9e19a5adecc8a5a207b9db38b1c814143f718cbc1f9cf66a5059c0b4dfa7aaecc7e1c7121dc021c5e9f84fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\prefs-1.js

Filesize
6KB

MD5
adf63f44da9ff1863f5cee6d2ca1037c

SHA1
3578e6d7904d1c9b384b59df3fa3941ae7cda23f

SHA256
d5c96e4aa178f08b06ef7489f2f0b75e76d7cf4d323b1def6893befbe9a15c91

SHA512
64d70a55efbc76926f15b7c7f8f14df492c1053f13939e2e1f7f9f8f11494bd9c8ecb191ecb4c790236f39c31268cdf0db75dd0afa866c803d8eed37547e2280

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\prefs-1.js

Filesize
7KB

MD5
50845001cad514c519fe2ed1e8fa5a9a

SHA1
71154a7d691240cc79117196854ca15136f5f7d8

SHA256
22feec401afceb5ee990bf5ff48f6a5e731a42bdf64381cb285b1ca66baf0226

SHA512
b8030d3aadf20665572c08e6df486678b42939e26f38c489bee1f8d2f7d22cb0692ef821b5589929cfc6f0a51fde25ef5165f2160fe7fd8e7310ec1bc9377df2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\prefs.js

Filesize
7KB

MD5
05318577cbc8031b489947e0f16ae1a2

SHA1
2377e14ad621165b20d274d69ac4d8c4dced4659

SHA256
8916b4567919179ee5aeed319aeff7ea3efb1b4379e894264a374c82b4287fb1

SHA512
80749ac5aed4d2b1d1a4a81714409327d6797134da7c5fbc9e46d6a6ecad7bf6276b5ff96450553875aeaeb85ceea0823d87876d1b2a2a451032b1bfc8fb0e1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\prefs.js

Filesize
6KB

MD5
41d97d9c41d084ade9c94bac1845274f

SHA1
e14d620b41597701d6acccf9d5400a0e1cd693d5

SHA256
19138f56daf65af5f8e41733f881d7ac5827cb3eb2ec0b09cb01c622d4613d0d

SHA512
790d4714ebad1fb064a790a24b259215ad919a6699ed305454063039703621ef69a72e11c1f6d4b29b159ccb63d101ab97f3d6e3a78c07c8133f9601780d255b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
26336dec77a2102cdba4a76ab6e2d790

SHA1
5343dde9289c4935cb25b604e7eed022dc44f1c5

SHA256
0c3ed0ec0fec38f2be4529524265fd793f7679bde0be320e8eca292bc6e9e91f

SHA512
072a83d1e3379dd92220b45d904e76f5d963fcb1d9960d2417bdb128fdd2ce7937c3cb1edda6481a7ea30664ff835a63b993c4577a7348bae45c92bc562942c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
938be9b948c39902fc366b658393eeeb

SHA1
9e38267c538103bed15f3f6a14a3c01ae91b707f

SHA256
f0c9774190ea365905e06c7754b4041a6bf4e8797b9e81eff429cb090d434710

SHA512
dc882f61cd6535fcd369064ca0adcee9c2113f8d917fcb8c5632324c38b6ae4c31752c57d705b47a4e6231b246d841a31f7715ad62fae34b94a872a89b46204e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b4dcd3b293b7c8dbaa068740e7f9addc

SHA1
b2509a3220026e1e897c19fcc287fb1bc124f232

SHA256
37930bd4969eea533353722ecae6877e2cd0ebec16f200f1436a1b998f072080

SHA512
916662f5482dfb3b528e75ba0f13052f824163d4e1e6fff5807553958addc1eaac81cf1346784f9f88775f0c4f2c85808741b89b9376cce18e0980463a59e92f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
0b730a627ecbd93f1da92b6736b7efca

SHA1
ad5184bf1f21fec5af72c026dce32f5419261034

SHA256
3df5c1404edbae90f4f895f361c662149c0d8cae7d644eb019672df3224b1adb

SHA512
fffd5224d890ecf8f9c6ff147c32d7e8991c6e4b356e6f7ce6b589f408312c635e7a5cb1c2e9ba6adcce7d6bb7c4dafedf59fc39d1b678fea3ac775219ce36b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcxiiu5t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
cd164b32c2ad2265eba93a47cd389cc7

SHA1
7b4d8c812e9dd54f67a42c9f50259be8392b5485

SHA256
776eecfd7f17ea87ab36e61a16fe9ed163a60b43201f4459743fc0958b1dee27

SHA512
6b104ea75d7cac6a27d13fdbe11245ae966094a8d1fc36c092a678e92b61b51d92a52358d3191dbca2af47ce7de7ccb17488affa58f7b8a7c9d22499351c4e55

Download Submit