hxxps://github[.]com/FailedShack/USBHelperInstaller/releases

Resubmissions

08-05-2024 23:10

240508-25zbfacf8v 4

08-05-2024 21:14

08-05-2024 21:13

07-05-2024 20:34

05-05-2024 21:55

05-05-2024 19:37

03-05-2024 01:17

02-05-2024 23:32

Analysis

max time kernel
633s
max time network
689s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28-02-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/FailedShack/USBHelperInstaller/releases

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{25ECA232-7E1A-4E94-8810-C26B018E3B29}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
3944	msedge.exe
3944	msedge.exe
5320	identity_helper.exe
5320	identity_helper.exe
5764	msedge.exe
5764	msedge.exe
2120	msedge.exe
2120	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3000	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 4768	3944	msedge.exe	77
PID 3944 wrote to memory of 4768	3944	msedge.exe	77
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 864	3944	msedge.exe	78
PID 3944 wrote to memory of 800	3944	msedge.exe	79
PID 3944 wrote to memory of 800	3944	msedge.exe	79
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80
PID 3944 wrote to memory of 2684	3944	msedge.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/FailedShack/USBHelperInstaller/releases
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb7d3c3cb8,0x7ffb7d3c3cc8,0x7ffb7d3c3cd8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6692075140300636936,8596945253254124771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.0.1639128225\512607979" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dd5c541-d226-45cd-9e12-670c1df87f37} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 1896 20f1e1d8c58 gpu
    3⤵
    PID:2020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.1.1884317566\1390768777" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2252 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a3c8c72-f840-4beb-bbde-c8a67048f6d7} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 2276 20f1dce6b58 socket
    3⤵
    PID:1164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.2.300351847\983893348" -childID 1 -isForBrowser -prefsHandle 3248 -prefMapHandle 3244 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0ec117e-fdcb-4043-9c86-bff5a78aea72} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 3260 20f2319e358 tab
    3⤵
    PID:4788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.3.1109394514\1311028913" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3084 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96a88178-5069-4f3a-b074-e4cb1c21bb67} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 3128 20f0ab62b58 tab
    3⤵
    PID:4712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.4.2123570737\1042604444" -childID 3 -isForBrowser -prefsHandle 4624 -prefMapHandle 4620 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9c8560-fdf7-4de9-874c-2692007a9bcb} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 4636 20f2528d658 tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.5.651766819\1268880143" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5056 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {093124ee-5488-4105-ac75-04506d221348} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 5048 20f2528d958 tab
    3⤵
    PID:4940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.6.1350207371\923106043" -childID 5 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62de399f-fca1-4e1b-91b1-76d2eb66a887} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 5188 20f2564fb58 tab
    3⤵
    PID:4068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3000.7.294030752\1794934466" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c02fdda2-552d-4a9a-8fa1-424cda454ffc} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" 5280 20f25652558 tab
    3⤵
    PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
22KB

MD5
09f8c92e96d3cf8ee18529227652a071

SHA1
eec285f8a4a762ca3de3e80ad47a3405bb01087c

SHA256
268e7bd4d3a846ebeb61b4be20cbbe6f98288e4a08de05e024c99eaba11a370d

SHA512
6c34f957570b168688102e50591dcc3f1a5369b2933b4dcdb1addbbf926671a330e8f4740bb14ca51a56c8b9bf77c44c57c0248840b131e445bd2cb63ccfd8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
143KB

MD5
584d22ea4ab1df2e6d501b0e05ac92b0

SHA1
508ffed83e053949f8cf5820c87f078be7f1876e

SHA256
b8ec8a06cc836cc6891d2186ab26d5ec09fe7e3d29cf1121661292a8a8502a33

SHA512
ad78a0dee02c4ad90cb2c4b6ffa63b043cf53830249ef00472c4bbbed74b5f8ec0d139ac69672c0d36d382182bca37682db28fd4936c2af605e239156738fc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
34KB

MD5
d5ec9221fcf1936ede2eb0bcc7179684

SHA1
45fa31d1d0e1e07941cb1ddd68b36aa75c5a5800

SHA256
24c7f448f3ec28eb85cf63b849dddc00fe9c4f21287e3a05938dff5097048a55

SHA512
246c2d5ccf3de0fde086f0f1141c13f42b7f682aca4e8c66a9fa8dfe52014f93910886053d4e321c2cc64c270cbdd7865515f6362acc033b4b92b827b98b5c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
46KB

MD5
5e72db5bd005da40522603311d7268ff

SHA1
582e7c40857addc4470a9630e9693cdc2508a950

SHA256
61bd26697179a94666302b481f0e53e6125ac28310da93fe94bfaf100187e634

SHA512
5f5720752a25528bed917026609085a8c2e800cad4169444e1e0de00fe642ff341fdef714e34bc26834bfbcd3ae746925b8f4f9feaa7b62cc370d3c34575c7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\203937f6378f72ca_0

Filesize
409KB

MD5
3878d56b7c4928aeb1ea9c2e42ea503d

SHA1
4867182069c940936fd494697b1fa74929335ac3

SHA256
6320addfb2c3a84e19d7547384e6855dbd7799942518b01df443f8f4e64fe53a

SHA512
3425c60bf42838002216acb419b7ad7e4993ed1d9d09427992c39652b2a1c4be715471bf1c522b79978d1c40a7a6467b961a8d7085342b7b38b8f3bccee737b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\372d0ecf2f9f8930_0

Filesize
43KB

MD5
cefb1812339acead8ab90b26f45ed3ee

SHA1
d0a5e49502f216572c5f01a41946ebdf2a1d4a2b

SHA256
eb3ec5403e7905864ee6274a6e62d5242b575182d15f7a16f874cc43aa50a267

SHA512
16b3cffe6f565466b43c67e111c5b6fa451f483a8020d6738753277103109c22b24b17b15e66d19da507fcba74e3eb7f6a01b47a36f3e696796ec66e0ae7cd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8894ca068436fc49_0

Filesize
3KB

MD5
2ffb2a2d2c0b129b5c35455923b850e2

SHA1
837e9f8e84dadb27ccdeb85b549565514bdf2a33

SHA256
8104eb906d5860f29e78306f7f28af233904b5a925fc04b35c67c41f5da45795

SHA512
51ac9bb754f325b423342cb6721f0c927aafdae88f8914e5be1c7a59b1beb0592b569bddd5ebf37358cfa3f7c015c5e9f5224fc120c5ca53c5082f61ab49cdec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aecdcb3a2ad1a53f_0

Filesize
33KB

MD5
1ba0ebc40569f3a8cb3a445853d94bbf

SHA1
231788d77ccd0681295579f5908080da4a69cc5d

SHA256
d898eedc227da34b2ddabd1a129cad2e0b6378de024f7d7db77bbe18148f67e7

SHA512
3f1ee725cf0e50129257ad68ab94b8e9c7724641aeb8dfa070dc717d17622698b2627a1756cf93453f8bfbd2db86633c061f8a0f3e9a4e6ceea92b8e6b48adba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bed58bda5e518895_0

Filesize
15KB

MD5
c3ba2028125122eec2fed7b864740297

SHA1
595a65843db92e60fd64b1f4a2c28013eee20011

SHA256
925dc23da8c8510fc80f1961fcd8f9b8475fa7e4d50664583e5276cbf8babfd0

SHA512
f2d20cda1b77b51c40c9d16cca2e76d923e384c755a575ed5bb35c3dcd29291fc899b317f69a836e5b8ca741323fedc1281d0d4784c5f173d16a6bf3ad14a7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9010d52ed1d18fc_0

Filesize
35KB

MD5
571c2fb244a9f27f841ba3299d4c1e70

SHA1
4a907c642f92931ec84e25aeb83182df5bf8621b

SHA256
8f6c479e60c2b119a44a16169fd98d82f5230361c406a6f9a0f6cdec527609dd

SHA512
016ba44725b436f9e6c970eecb65a34049f5f6c25d88883ca5158e0b78af692e49e792204aca751b3ea84645eb23d81f930c4c3d36d833c0719dab2f0cb3d6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dca0a42e49a35164_0

Filesize
7KB

MD5
5f5600a68c68d840cc66ae39544b21c9

SHA1
b2996ee67c253a1f11e2290a674d0da3e4b40fa5

SHA256
0c6fbe73dd027b731433277da84719c02db5efbeb428e47767d6faca262bf336

SHA512
68500b1d95a2fc706353248a129137e6dae2382c297f3d38de5ed261fa3783104f4418e12a6359daf20b981035270a90e9ce7e37351d40942904455baec48eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9299ad773ef3e44_0

Filesize
264B

MD5
a9679ae3853a6fcbe165a5c6093bbf2a

SHA1
e48cee288f17eb7d9360242ab6bcbc0f3b61a946

SHA256
a0bab9e4a2e647fd3119a91e414b8a090acf064543064c1902a3cf48905d7dd1

SHA512
062fa676d63fb302e61cbbeb8775dba494907de3bb1be12ee1a7cb66ea00cc4e5fb30f2b415b7ae94b8ba3824660b526697ff82a2f708a6d7b0f75ddce6d2c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1c50be8d4e1332c9e52a40ff5c95e277

SHA1
57d454a513ee0b0d1125a8e0efbb022366d29c9b

SHA256
385fcd60e6c0a4cacc2b6011381546786d7bf8d326dc754daedfd0b6659e5ed2

SHA512
c6f43881bd90dd3cb1f018c958e5331858d2737bdfdbf76e893274ede3ddb8c557567ce78c1afef4e6d0fc124fc87d03042ae05e64bb26676258d2d0ad5c0e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
60411d4d56408bfcb3353eeae8ba2344

SHA1
25ffd016a7dc327cd11717e87163028e1697c57f

SHA256
827c4b942d85c17be05b16f5e2fbbec8500cc3f9550359f29e74714635f46b44

SHA512
7d7f095da48a344051c193a192aa3f37003dab040982e14664d9afd0d4aecd2f7915e10f0049e3e6ae6bef77abfe5027d84d1fbe78b49f7d8909019b4b45d9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83b3f04cfae2b86162021e27f04a82d8

SHA1
b1779e056eb36155792d8cad89cb03d5e117196e

SHA256
7cba1f980dba31a7b0da383a42eb0bd93533758197bbf96e7ccdc15ebf2376f9

SHA512
816246264e38cae4474a92b848d5e7cd277d4b5354576d5812af4c4b76d89bc2f771c619e8b6e340ff0d0c53e55bdbe1220962382966fb4566f82135a1500446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
92e4887a5bf16d03fcd94dc1471711d7

SHA1
8472657b664192e8d040a26f3ad1b8fb86c0276c

SHA256
df27f127432e26565f3afaffe6bc04e5bcea682492a3a414f16f2e3025e7bc84

SHA512
d8b4ff86dd691cb1455ebd937dbb4a3c4a0ce0eddb37bcebca5bc2f6bfebebedad31d30dce2b1092a21be22e893c91064e48d41b60f0fc74de99fa87b6114a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3d141f121336e4730f7045e829a72222

SHA1
5c7183cd45483d60607ebb542f613ba511256ecb

SHA256
7a969901227034fa5e01b8e70ae9c3a1d11c9c5c95e355277d260345d90b44e7

SHA512
a16690d734f465365dbbc3dc1366b522150d6ad9e2b3ccdf21bdbdb283882e15358ae38a5382738a202a98bd309abf8962e40a91220773db4cb3e86e2a051430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
714e10b48781c0d3069b7b16dccdf0de

SHA1
820a8cefbf6b50b0c02946b15f82b092765ff70f

SHA256
d1db09bdf69a27c25b5cf9a7b1d95d26d92c0bb04bf1d44b66f2a458a2cd0a7f

SHA512
d0ad76cce34a2506b810d968b5cdbc43a7f23a0b1a7b516b25a57da8b9db681b6f0c7036ea75ac82e7a792a6c40135c70362c19149303e12fadde9cb3861d0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9aaa2478b18bcfd8d013166805a92709

SHA1
e5b4ff33a0af88ddf95952692eda5c74cd02341e

SHA256
0c7227d4fbff2bbcad66acadc27efcd7ff433cc8b444b16f89da2b3cbf5dfe7e

SHA512
fe0098f4cb2068ea06a7f5a7c61f60b85588a0841ffae9cddc8c07f64b2e3770c317b000b903dd4e42cbe30bd8e66384f3c552995eccf4bc22b91c5f5297b749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b422637d8e86ab0f1274c77e02a68116

SHA1
4ada875cb3318d7cd8d39eca3104dafcd93dea13

SHA256
20bda0ba64cce8b4f4b997928daebe76abd4952b5aab0ce92df924289506220a

SHA512
5a46b9a23f1f9c87a9bc8ca4d785a0b5646eb05b5f341a0979accfd2b1ba35a49f934ba5a4fee6d3c1b33372f202476c1b71308dfac7304e9bdde95926eae118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8382af3783f1086fabe830f6f25fe29d

SHA1
e1ea9bc5bb859eaa3db099db9fccfc4868062728

SHA256
5492216a4ebeef9db595085544ccb4c2e1ea7b9486f6113d829494ea4cdaaee1

SHA512
f9d68b8acd161fd88347db236a8cca61dbd9824e319f54482dd602212c62e441ab02534d5de3476cd86f9aa15b1c55f9d4df9be100dd92bfa922ca519d629fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ed3c67e50ea99520d39400fdcef59d8

SHA1
b8ebb448e57a9c178f330545b246a015fb1c43ca

SHA256
9f936611752540284b0ac2dec66e5efbe9b032b6e6155b9a1dc7d73492872b05

SHA512
b64647cfd09b6a8c69e0824a2367255e1db2eeebeea287fb2d61828d738f3422ad751707ab6f9e51a0fcd9c74be941788b8b37e76928dee3517c630495f5f619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d73feb4e2a15f427b74b9d370ca4096

SHA1
8edf230d829e8a1d3f674d1f8404643e3fe77df8

SHA256
f8e92c1e5cd0a64cbe7e6b580c3c75373c63db96556bb9c168209f21b5e99548

SHA512
a527de3fca19e40f9fd3cb7ad18cd0a96a6d2e95b5c8be2651e4bbd1de4baa94ef1756ffcdb3f2eefcdf9084094e2e25e163be73369c91f92acfbf50f370c859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c057e10f12fa70ba7e9ececcd29b56c9

SHA1
60f6102a3e42b1f317d367d291a9914bc624d20a

SHA256
98eeacef6ef55bea239dd50dfa6139d328d0770f4cdca04cdcba9541c64b6015

SHA512
7c58aeba5a329aeb9597299aa91ac327f756179ef2c25cf14f00f811492e68a142069e86c2645d9d7b262bf961d3788d580fd9b7f364eb2cabae2adac7b24a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0c14681dd1722b562fdde7d230f902f

SHA1
3c85304a86e9e4b7de821939523da25d4be16a91

SHA256
06520c9b8947cca76e6d6074fc2815f96b4ca8c61c6dde32427b06873cb4b2da

SHA512
06c91399317d67d39d2e1bc7460662c89ad6449e5e1e3e67c171019e628a3a361f7c2c8abb0322013154efb4e0725a04d21f7ba7782eda09b0efd38621197ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73474a8e2ce64fcdf7e4552aeadd15a8

SHA1
c1e3a127687e5b6ce0f30755c1e59e95be981da0

SHA256
08599b33b05e7cc2e29dd9cb4a4d6cd918f501b50c140017930af9bb2f54c026

SHA512
ae05c6702e8652b9b0ee617912671752e6699871261a1c912480d1c177bb2b45bc8ddc8bb5e13e4bd7c4cedba8bf4a15f3ebfdac9cd1a48a211ad9a728a84ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
451f04dc9583835ddbebeae8b6b39ed6

SHA1
278d1efc98426e46d67ca40b4ac63869354769c0

SHA256
9c6049385b5b96e44d15e3fad560b06ed1143ce98f5aec47299587c9295b28d7

SHA512
629718c3f3b75b36773b80ea03b5f161c6cf93bac67c521cce94cfeb728310ff20da84413ac488ded2f317d0a3796685b8ac1b2aacb244577230266b81fb8c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f5f09b818bbbd84071d9d0b54b3dfcaf

SHA1
3750cf59beab93c6d9a5e8f84a78e8cdefddb1e8

SHA256
b42a4978b6f64683b6f71ec8a2d7e1f0af43dc9c30c5975c246b5a9405f986a4

SHA512
36cbfd5d27573daa2c15c7a67ff6ef46d754c863db00ef9b92c548288b5bf5631e5fb45a71c333911f0242fc91cc9001c638e078c84314f125795a901ef8c3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
574b0619e3400cade91af11b55698de9

SHA1
d2c6463b76b5d985dfc0a4c1e87437d0ef58621e

SHA256
dfbb98850d8c6a00b97b947857ffb59b9d92503e6baa38ced59ddff0eb031b72

SHA512
e75dc75193627751e12ae0726fa0d43319ef0e66ece5680a7946ab4a34c9ce3da0d93d3e4e50368998eb6b214ec7bd7bfed16cdc7e26d9e934e0fdd9013e9b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fc5c7e38d8f90e74366f5fe713da01a2

SHA1
60b2a9877c503aca36c682ee9ff2484dd262df55

SHA256
f3c28d8cbb1ba05be97850bf3d8ce6d0f3846c4c1316c08bd9ab85846b2f5baf

SHA512
d9587d371f2a65ca9f256249daec6e1721be31c9e8204ba021d9c2ca45d0a124cde19e21fc4de6f7979c06fdfb574abda23b4865c74afb74c11b818eeeee5b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90ab8f0615e0080a49cfe1aa5aaad7ce

SHA1
edefd9701cab25453f3082ec7fb5f886375d5ed8

SHA256
6f0d914cd000e4fc1a78a27f593251d68012bc08f90946d29aa3f7fb9f964e5e

SHA512
953b8319edd75e35b91492578bf2d00c679fac4626a6cad2623675a8967ee1439cabd45ced30be9af1abb7735dc3bad55d90eb22d732436e8a9211aaafdbb019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
849eb1addc0c649d76a0f2af587c8f40

SHA1
9137d4f3bb1ec9263406f79fff1accb001607c2a

SHA256
354912b66613703d0478990cc1b60101981fb7788bec95e48845cdb6b7269bc1

SHA512
58a90c1b0df90b74828017993948301b97725d9a48f6025e4721b8d83cf869823a3f893a00edf1a63fb458a546ba5ec492178a267ee54e145a896666c221dbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ba1c69a5c35ce6d255833abeb1d309ac

SHA1
ac5147d582062e8441a14b5c005e5d7ea16f283f

SHA256
7d634f362623013496890f4cf6704f056ece0e5b5388b429c3d1b825e059436e

SHA512
b674aa1ab8ec7aabc51d0ac045627aff18aa87bf8aeb882cb010756655126e6250c9a3a277582949251a6b5aad5cac9af1d457e462eceb408cf58e5da2bc5bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3e16ae981cfd95b54e8c28ba1449b90

SHA1
00453790ea47e1dd8ca795fb1b65b425184eb05b

SHA256
5c06f0fdc62e3093c5d1dba98897fecfb9f82398ace7ab72cd6355750b17b151

SHA512
552ab409bbff62484ece516fd779f4212267033b7783fd450f20493cde33dcdede3a4246dacd7ca30885fec8f06ad6b11b25f4e4ec321c5e785ec184b655d1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bbe5bcde3f0bf91dfd0bf84b02c863db

SHA1
3d95e733e8ab8c981e9601851a84da157fcb249d

SHA256
263be065ae901c63138903e2d3df041e306a288dde79cbc43910767303c3865b

SHA512
078e085bedbc33fce341d034b9d3f2a8d3b1473674925907d6a6d578c503ece9d97f47c391b5687872f19adce5f2d16d43355371eb251920d06ff73349b77137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af59bce6148a4432895677e494912432

SHA1
c142a8d7748330a606ab3f33f9849849ae2a9029

SHA256
c2287562e9088ea50b077e829ef976d296319f3f8b03b75cdb0930674050c6e1

SHA512
e49f76e29209f823b0c34ea667b964dabab13d19dfe3b24d305c5f9bd62fd232e081e26ea29ca496b3c4a9bd997ed856c61847a1d79427e34c2188de8713a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
351ae94aa77ad7859e39c4d9535c512d

SHA1
ceee018e2d344071a7121b74812198dd7f83e6d2

SHA256
ff3eee4bfe973cf199995dc2fdd4efd38d1e8d3cc6f23f2947f666ed37e29f29

SHA512
4f5ef7d2a57d8b7fc0708471f5c21ab6feed2f1ab2b04b888663ef578a7dc34964c1b744de00e1c24aac1f6ee9e6775702d57b5a59caba8283ce8db9d88afc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4de8f33bca7de0b6d53e8e38744b9da

SHA1
46492884b621447038993a3c9d6f61fe87e05b83

SHA256
9ca946f49ec0d67ba9e933ae5abc50d0b9539ca823ae362993bfb39acdcde502

SHA512
54c616b42b1271817160800c875a6f117e843c81883fadc3a8e641e5962ae3f9585fa8e097cdcce5bc7f4d1dabe0b0dcc39419dfd46d6dd9e60ec86aeb8a0b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
edec499104b4ac3d73722dcafbd565c7

SHA1
4b57915ede5c86d6ced73136450ee23691216187

SHA256
b0c25da80d8a1713b98e44ac1329fe011a78b00bc5f9c12dd1f72a760c277eb1

SHA512
ca4bc6b218c5b2700559c822e599c6a05e7551aa355190e535beda1ed83a42de9461521351d01d3965f9f20ad367723b84fe8a0d1a0266c29be0a6f1cc02ae57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ade419379665fb2144171b4a1a8eacd

SHA1
fcfe4e34f8de4cf3bef5cf590c97dae32b112bbd

SHA256
144576a6f3ea55ec5d21a5487e205d2000b5b7be01ce9389c08bb18bf5a7fa6f

SHA512
7d1a3fb20246774b10acff50af0ef610661217b515e71744a12adefe8f4be96bce981558b74aacfe64c3bbd2e54dcb471d31022cbd452ee505f418f339c2f10d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be5b96ad59c6467c20b06eab1c2c9b76

SHA1
661d2668d8a6a18fa46e909956464e4b782fd0a7

SHA256
2d1d55e84c49424904743670ccf271080e3a36960c083c38a568f8bb5c924807

SHA512
7aadd33d2c45040013eacc73389a767aa22968e3fc7b02f6c3761d89197d6e0ea819d768fb83779a52972b8ffcce3e77628fc58875b26699afe95e9822a20816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815f4.TMP

Filesize
866B

MD5
adcc3e8845b19362d7dde5079303957b

SHA1
748f2ee5fca09bd99ff142c7d9b10f8e1c47f10d

SHA256
83a28d7c49ab62e593588fdad5e270bf6ad34c5823ae74c65bc0ae584350a4c3

SHA512
a58b03fe641ea3ddbde44039cb4a9cdcc01c9fce27ff8c27c6cc3ce3394e1c0de894b6f826bcf5ebbefd4a97ad50397a3f2b045af5653037f98b637c85c45549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b6e80985eae1513ecf09740ed29782b

SHA1
d3cba8f2591e5a05e27aa87ba2613332e4c17863

SHA256
098923e65d36b1f0b9743580f97d1fe7257ed203a41f8f3c5510ef16f4a8e55a

SHA512
050f8a1b2ff989a79b921c2be31e0a5a3068d96b197e2c01f37fa122b05a449bd3f4907a06b2e46211eb4227c523ad932b7e5d04c97d3651606e9e5c64da821c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\cache2\doomed\9687

Filesize
9KB

MD5
ecfba2de1a7dfa336417f600ae6cef99

SHA1
fb7350f62f1997feea7e14832e2501e313973e21

SHA256
c1845e059c315774eba162a0c2b098c0d8de146d78065a622f324223ba6acab0

SHA512
c8f2ace772c36b4588b6556b581dadae5cec70aae36d702eb599f0ee81c69aed20d63b9434d50d76a3c58e6e9c1e3911f7aeb51305235ae93b419acbe4d86551

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
1873c99c4e2ba94c3a888b233023481a

SHA1
2d35e514ae4d600fe39f85674d87a64309bccbae

SHA256
d6a5a0ffb992bcd4a6f30cfb8005bb626915dc4525e1313770c8dc761adc95d2

SHA512
a0b7ef963cfe8d344c72b86b791418889d40893b3c8695283bcf159608c11316429ecfb59faa906302827539af5ab0e69fdb737f270884b8a5d55f7fb9a3ec25

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
a6728d32b54d6675d3309676c243cd96

SHA1
fd504bba7207c0942e45af66c312e72d434cd8f6

SHA256
d6c33eeaff45f820c74b98c0bf4ffc26dbbd94cd0013e8b7d55cd4582dbd3743

SHA512
0f7874ec3db975735ca20ebd4a7683d46518da5a2c855992f09ea2645db2aefe6fa887ccc7af6a1269127d92ff480f961cfac4483702472d598535e0d263fdfa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
1bc20383318f1cdf95ccde65c2f3fd47

SHA1
ca784609bae77f2dc36e8a11996d3b6c2479a244

SHA256
ee78597d511e1a65449b2d0a6eeb3c4ebeef3378d192fdbee02db20baa63fe4d

SHA512
5226947bc6f34617c3fc20a6176f8a585b74b1bb347fe67b8fd90f1d89223abd1dd4f5ba2a3bc45fc72a343af628f5376d2a92b6924f23908bcec7f51f20ac2c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
6f6637cfba3621092f002e62e0bfa53e

SHA1
a0b8ad4747514e9cae499a41f6756c1c6f4ed259

SHA256
a96f5bcc9427656f3cae3c5efd5bb35075978f9b621164f6aa3aadfb72e198ea

SHA512
3da68f089fe4ba7ef6a983ec7010a67e3fc5c2698cb15eea7a6400443b12fb508af62b388017b92d9dbc213d82e06a1061cc301e8bc82b1890eb29b742f1af7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
e885ad3d1ecc7d921f44e5603142478f

SHA1
3aceec5337fd21554c65af34722f8d90270549f9

SHA256
acfb27491eea17aaefeff050ff716449343f329393da3d547032b7e1e591a740

SHA512
34f23dccc42e2c1b1441bf25113ea889e94dc1a12f3981a2c7665df45dd50946d01029a598eafedc29eecdc1291eb19d5a59902227789984a59242ba04704755

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
0c7010980634a7fedeacbd6083db4be9

SHA1
c3644efb622dd40b4038c5256ca5aa802fef01b7

SHA256
bab37e42b7f67c19ad4bb34abcc953f7269b141dd108ad29b34e5b5e929195e4

SHA512
49b7e05a2b87b5f2e845aaed900bc36f4f3b85b65fe4c506881f5eb6ea393b30457b1ebdb70ce14593fa1894b944d66f6bd6f545155a3a05a7cc5121e5fea8c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\SiteSecurityServiceState.txt

Filesize
372B

MD5
d423858903f80524be96e5e3ec2e9df4

SHA1
50151ed963f149f76d0816ca5e0729e3d81ba042

SHA256
203174c2312988506c760b069adb4e1b6c6644779943e53f905b10c6d1b5a0e6

SHA512
a7be069a16f415b0fafea9e92040e24d08dfa774f394ab0a5b3bcf81dc063b28b6a8ec9c41fc3f6d8870482f000e863b7cd2ed387e3e9c72144d020fa48017ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\bookmarkbackups\bookmarks-2024-02-28_11_BQdq0UHuBKeF9mmhxOAwFw==.jsonlz4

Filesize
956B

MD5
590f2fbcd9bb03835bf9dde75767b3a4

SHA1
fe0d9cc805cb531df2811a908ddf3f59dfea8312

SHA256
1fdc2ed26c25f9ad280b1a188d5c857e4275e81b57e659961104e202e70b983d

SHA512
4963c060444fd86e3696b7e3631f56faf5b08a743600faf2239605585ddd797d3084b416b3e47e303bd3350e62a480391f39e52a5f52a1cd8bbfbc5e12773537

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\broadcast-listeners.json

Filesize
216B

MD5
4bfe7b71639c0279d0a0e86d58f70ced

SHA1
043aea6d0af88e995019df1fb0b69122bd99178d

SHA256
22493c501f5ac3e295b6275a00fd5919b7fea4ef1e5449cd06df00a353db9297

SHA512
2a3706d3742c7a18ee5c1b015242ca13bfbd2103e0557edb6505e2e1cbb3e309557a1b55154e8cd6bee031a402af772f56ad3f2ba76de08bb2636669c11ede3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b370b26507b5bd10c07a2d6e4b207d4c

SHA1
ed8cc3d85f5135384fef95a12304e6e41996a4ba

SHA256
b7c951e95be82cab067b7b62a4bff5ca2e078210335474931bf32836f5224af1

SHA512
bb8ea9f58e4a81b15c6d101c4ee79bbdb09ea611b1e2982d38070c18143bf4af6ba546f90d0bd77cdc5d54f50f688d7645c49d493c875f75dc0da3405db5d9ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\ab504565-236f-477a-a49a-ac78127d3388

Filesize
11KB

MD5
00e764788bcfcd34f9faa5b8827d3301

SHA1
72e5e4be12c9998122018726b75589c55f56c3d1

SHA256
6f537015aa13f5f8e64d95e6413de757a02ecea8adf1757ad47348c79b61b661

SHA512
d8d5fb84aa212fc88f03e17d9c9b227f229a1bfdd80560edf94785c667a27afb29a54e7c7f82547e65d6d597d47166d18a38b94e7d96ec72d891659592f8e65b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\f5ab51dd-36e1-4799-89fa-83e1f1326c03

Filesize
746B

MD5
d67b5afd45132b207b9177347166b413

SHA1
c00dd72d464686fcb87c664661c538eacc2cade6

SHA256
46fd09dac3c267a63e2aaca178934097dd8b8c55ba04daa16297cc67da1fe603

SHA512
ec112dfe2dc6d721b4e6c6891cd3972aed6876ef13d21aa82ba9d2bea1bd17e7c7c9eb1dd73fca4fa59b4f1a4ba83d0f899eab7681077d0b662c4b0603d4707b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\extensions.json.tmp

Filesize
34KB

MD5
1ac541f5dbc6ef5cdd66259c4370b73c

SHA1
2fad7ba1ffa03b1196e1f541578101e3a401d49d

SHA256
1e0a3c82294d3b1a264582e0ca9f331a11191b20ad8e338f151c47e89963e83f

SHA512
43a638c0142db8cbc07edce39b1a23862af5aba5bff6621609f6f7531d3a4442b9c48bf4a868be0c5af987ff072d3355f4681f90e3ad12352e302b3387a067d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
6KB

MD5
30d576579bcb3438998fda590b6a50c4

SHA1
6997812c20160bdd473f3db8385e216b2220eadb

SHA256
caf4613ca84351aa72cdfffb4143680d9395bbd3ce327a0ab98ced068916b141

SHA512
5f41f2a5f99c24aeefe736e170eec0e6362425355dc690a3820dc309f0bc9f2b3de0af425af94193932304b7767a52fa274aee3dfbbc5f37ddba5ffa4dcc1877

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
9KB

MD5
979afa68d0acd7299eee3f4e8e594de5

SHA1
901ee47869afa12cfdc10996fff492367149003e

SHA256
ef0f5be44c04a40de8903f334fc8c481ff4801af363cac072c4e094b9b756e9b

SHA512
d8cbadd1cc0d6fc010e843e9e412394ba13bfb0e36e62687e4f86d22985a938e18d1cbda4f3429928900e2a65e8bc783543e9d9de8b2d368806a8dba6877dce0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
10KB

MD5
269f2d647c058c2d540060836f87127f

SHA1
14f0f7d8f480e0d3ebee3f6a702a3be138833e8c

SHA256
fe369641209e89d310d32dfa8c70fdfa7cd3adc25bf61ab4d31f49aaa63b986c

SHA512
4685eb56390fae9aba4901f1129a8990fceafce645711b80e083b8ee38e12620f63f58955c06ce096aca13c2418d9a810113db46edf2679cecf33c84d02ad17e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
6KB

MD5
3193f1dff4e5c11789c8ab296091fae0

SHA1
d527dd85748901e8ef93fc0aa8922f50226ac345

SHA256
1fde9dc119fd959dbfd69783e77acbf1c48776d64b18b6b241296674e73f6bcb

SHA512
7d60fb5ec64fd94601e54bd97f0284236f18b0362a6027b26b704c9a70101230bd607df744215ac345baef3067c4d1b9d6ce26656cd15511b4e9e8a51f53ace4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d858faa7e3fdbc57e524a2f23788083a

SHA1
06b73cc6ec319b7a421170919f800c7f5f3622dd

SHA256
f70c2eb7d164a0adef30a9169315e0059e35f5f68a079038da906c86629ab632

SHA512
e7dfc28295469d56f60d030543651eb9dfe5216d678acfe25a3ba9a29f8ff7ab4891b560653808dad1fc4e12256072b98f2010aa5ef879e6fda79489f99881ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
217d0ef5b9527dfcfe07bd8c23c4888b

SHA1
74cc5c4130bef7e83982e4f9a244b2c32ff067c5

SHA256
e02a35bfcc182b173ad243074f47953972db821a531239736ba4e56d2d1a55ab

SHA512
5a6362877a53bf4aaf1e23971aac0b61b00ca747f90b8d6d7ba76b606613302755de08f0d138eb2a93e959f577f7ca807ecd9e01c813e7f8056004cc2a1b8c47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\targeting.snapshot.json

Filesize
3KB

MD5
d41dd26bf4f1210d85e10b589b877df3

SHA1
b6f04ecd911e94e6795bf186a91f259141333faa

SHA256
559cf36c777ded75d91c3c51396d29206e8961d8ad82007062fa77fa357099a0

SHA512
33f17187268e5b3b93c16569e325054a423bd39ae7bcfd59fa385c533b6478ce7dfdc30fd1da3d20648ab0b1553be8dfc01135bafcf32242278ff2d94a3951bf

Download Submit