hxxp://archive[.]org

Analysis

max time kernel
703s
max time network
716s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/04/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://archive.org

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-627134735-902745853-4257352768-1000\{CAA8970A-2587-434B-83D3-485C3359543E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3568	msedge.exe
3568	msedge.exe
3852	msedge.exe
3852	msedge.exe
2124	msedge.exe
2124	msedge.exe
3944	identity_helper.exe
3944	identity_helper.exe
1936	msedge.exe
1936	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1532	firefox.exe
Token: SeDebugPrivilege	1532	firefox.exe
Token: SeDebugPrivilege	1532	firefox.exe
Token: SeDebugPrivilege	1532	firefox.exe
Token: SeDebugPrivilege	1532	firefox.exe
Token: 33	5016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5016	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe
1532	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1524 wrote to memory of 1532	1524	firefox.exe	80
PID 1532 wrote to memory of 4768	1532	firefox.exe	81
PID 1532 wrote to memory of 4768	1532	firefox.exe	81
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 2916	1532	firefox.exe	82
PID 1532 wrote to memory of 4372	1532	firefox.exe	83
PID 1532 wrote to memory of 4372	1532	firefox.exe	83
PID 1532 wrote to memory of 4372	1532	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://archive.org"
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://archive.org
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.0.2034171455\2107363004" -parentBuildID 20221007134813 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ba66ea-e624-4a1d-8bf3-f24494e90c9a} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 1848 241b95b3858 gpu
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.1.36541922\245510" -parentBuildID 20221007134813 -prefsHandle 2232 -prefMapHandle 2220 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ed356f5-33fc-493d-a70e-383dbb3eaf6d} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 2244 241b94e8058 socket
    3⤵
    - Checks processor information in registry
    PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.2.1394960927\647284399" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 2832 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8778a924-e575-45e7-8fef-46755dcb5c69} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 2804 241be948f58 tab
    3⤵
    PID:4372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.3.102258345\388499237" -childID 2 -isForBrowser -prefsHandle 3972 -prefMapHandle 3940 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80fe43bb-6e50-4113-88a1-12160dcc00fd} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 3988 241ad662858 tab
    3⤵
    PID:2000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.4.132681731\639361513" -childID 3 -isForBrowser -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa2e7703-e09a-4d69-ade4-eef62442837d} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 4668 241bff19f58 tab
    3⤵
    PID:3436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.5.1944347283\1216858069" -childID 4 -isForBrowser -prefsHandle 4976 -prefMapHandle 4932 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {190b7bfb-d7bb-43bf-8078-c1220436d027} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 4964 241c0b4a858 tab
    3⤵
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.6.1274858791\241995542" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e923ef52-1cf4-4753-b91d-7375beeb07ab} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 5180 241c0b4ae58 tab
    3⤵
    PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1532.7.1580559094\1390816413" -childID 6 -isForBrowser -prefsHandle 4928 -prefMapHandle 5036 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c584915-d323-4445-8e59-a19b28c3c543} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 4668 241ad66a258 tab
    3⤵
    PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffd962f3cb8,0x7ffd962f3cc8,0x7ffd962f3cd8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,14694501857612056016,14875067935756217674,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,14694501857612056016,14875067935756217674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd962f3cb8,0x7ffd962f3cc8,0x7ffd962f3cd8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2036392324204680307,14706309934203608297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000450 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
577e1c0c1d7ab0053d280fcc67377478

SHA1
60032085bb950466bba9185ba965e228ec8915e5

SHA256
1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158

SHA512
39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4604cbec2768d84c36d8ab35dfed413

SHA1
a5b3db6d2a1fa5a8de9999966172239a9b1340c2

SHA256
4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2

SHA512
c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6d269b97-779c-44b2-bbfe-b90f6deab81e.tmp

Filesize
6KB

MD5
59a0ad578bbbfc2d91d0c9713441cabf

SHA1
12df8c52581d75d8c0b26f68a19ff03adc7ccb83

SHA256
8a633737211d06b42754f29eda416eb76be2e913ac2ceff434e88c67e98d99f7

SHA512
c616b7e82cbbb5aed3d5bc002f4c51d021a308c5b23cf45a3cdb3aff71632ac09730badf514d6d98856c35eed99613b9397576e036c0561452940078293fb675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
112KB

MD5
f91354dee893e5b5f7eedf08fb503e05

SHA1
a291685de177c087466c10c920907d99b3472bf4

SHA256
50d56951f0baa312d62451574206a628c60e3a195361e373a36543eba12ae8e8

SHA512
f31b12d4735a4be4a4934cb816d210be9b461afd36b69d931cddb74cdd3b2ca1b04e955c801b7d8978db40b6b4d496b667cc73d54c61a3f5fd249204433ce42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
30KB

MD5
b7505fe0f63f3cfe4ec1489052a728e5

SHA1
3b39c0b0c3e75c5e8be1c98a51555f50165e8d42

SHA256
3b31419bb24f50bfd372bbc434c110bbcf893e66d61c53a985858968e4de3cdd

SHA512
645864ba957cf20d84e24d3fded3dbfeb52d78d510a4e88f89b7d2196fb32a439a22cce099bbf9b517f822596aad9f3a590d763fdcafa5f2825852f8be9c5733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
123KB

MD5
b71aa3ee7282f0553d4412fa9c5a2adc

SHA1
f340883561230b4911e3c38fee31968768d843c7

SHA256
a0d4bdd7e9fe56320601dd17093a19059a54f5da8e0ab80f053a7f8aa0bb75e7

SHA512
55161a7b2aada6fbe9e4e34f65806a9a3bdb1b1e2b9b707b59b238bd27410e556281a063f1a8a5aed6259097e961ca5d1240d8194669e8c9d93830a2da9a6658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
385KB

MD5
d8ab1854b6472aa6cf087218c9d0900a

SHA1
0e8332f889c60f7ed90541a65b78b78a8a47af83

SHA256
317666ce0bf92a1f52214df2756d2b6fded1f89541b03957e6ad02c25a35cf16

SHA512
790831e74f6e8b7658d689965702c152818a42d82307e9af4e454ad995a12390f92b8c867c0384e94ed4722658101158ddacd80e6928542857c8f1f9f2c3ca74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
63KB

MD5
c615a914afc59c348977ce7fb11b2008

SHA1
1248e722910236f831672b95abca6eb63df98825

SHA256
ceed1db1b5d20656325f63a82b185131a30ffa65e3a8633acd39b4f5da46cedf

SHA512
210c2cd8a59d95c95c83dd228f1654e26e124878f2fb3c829b0b5fd6ec49b3c0c7c900ade31fe5f711b13dfd1b802783d084ed6f2f9e06b728b3e4d90c17fe55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
13.7MB

MD5
6b5ec4d14d95c04e624c95cb0311a858

SHA1
1e48e3da56f6de0bb3bc66d030f0a99f60907996

SHA256
7c9eabc1207889609849a3d8719dae69faac3d649522246a3e82701df6c6b94a

SHA512
3c5c64b87f0953750f8567bf49b35e25decf4ded93574b2343ea776eb7dedae2a7e42a2181b40088485921b113ce3f9a6d864cb3154e8a688332e4ccbe6e170f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
20KB

MD5
21341310ace9ef7d60b7dddb007c4891

SHA1
79227c5b8fa7e29888f9fe8a409598a981cc1a99

SHA256
27ad23e1cfed2de0f41f348e1fa7ca6f53d6347a9a90465d15e0b7aed216a673

SHA512
d29a6af6951d66c262c36e099438196da0be2c2b0c32c778858f3484cad368ddaafd12c7a6b92fcc99dfcbd26692c2fca8bca0f7dcece54412c11ef12fcba123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
47KB

MD5
3aac94b10389c322f008a6594cd196a9

SHA1
be8e87aeb437a365c8b7933266d1e97326115133

SHA256
e0dd08ec606183fdea5ed05d6d52f030460b47cd118f30e72ac24dcf58f1acec

SHA512
e7379d3d15e4e4ce80bcedd54121de0dc71914cbcf53f6fd32a220db1b108517a88f0c2f4aff2fada36a204cec0c13904ab5a77531f62d0dfd1a490e6516efdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
92KB

MD5
53200041589859e3e412a87c0201d513

SHA1
681e8d11e8745b806ff4dad5a1052a199900365b

SHA256
61b3c04ed24443daa265767c7f66ce11cdc77d67589dde30d13e61c02015064b

SHA512
918c407df1572b177d254383d46787f1794728ddeacb658faf4f5236d074d6badb2acf326d32b15d78f950a8b093ff6041c1e3e79c03a410693442e00c03d1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

Filesize
28KB

MD5
87b2ab4415e46243280a14e3e1314df1

SHA1
2b10d735062a20209e18aa684f694a9cdf03078d

SHA256
74f45c566b9f41fec717033d6d420eaf6e91f61d9dadde5b1a6220d2e86732d0

SHA512
cffc250b0003d94e9d7783149b3d23810ecbbef351d0279bbf16ed57cff843b92fc6144dedd1711cda3ae578da6410f2bc8ceee67c7980a522b9df4cf8f30dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
436df59e2c7d7bff1448eb3ff2a12627

SHA1
d1dea38ce1825d16bd9b84f6aefabffe4a1410ca

SHA256
fcaec5052e13ebd838c0fc331c165cc3fe3ab3ff5f95ee94feebedf10385c360

SHA512
e1d4146cf79d4d922fb1edb4118ded9e5c428455aacf3e20235b3e95863df4f95b5629fdb18a483f61fbce3f09861782767b67f1d54146b94726a93b480e070f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6ceac0dd7d8f1760ce6dcc3d3f3a36fd

SHA1
ef5c58ae7240100a5d3429c2c0f377f1635ae579

SHA256
3c4a7324a59786c1951066ac7c3f89ee7b1951ec5e50806fc9a837670ce1735e

SHA512
b72b95dd3e4f0da70dd3694bede3ff0a4a3507e25090f2bec9959fa731eced6b0d38a87d66fba8f0989c018f89595fb02a8ef6e57fb5ac8414f151ae7366517b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
85b2b5b7970489c1f13d0f1647ba892e

SHA1
ebc0f7ee54431aa594c8605d7a42d746588266c2

SHA256
eb014ddd5e9f346b83ba045f0571eb0d1d4068cd54d96cb4fbc8741995a61d68

SHA512
ede6a7ae429dd824c78cf9143f1e8df29f4d66ac0d08127c6017016f4d42015b798259d79d8d0043f1f672621894b3b31bda6801551782f77b3706920385eca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bcb85ed8daa7ebc77450762b0991ae74

SHA1
42c21e2e505a191e6ae2dded8551098d00c3deed

SHA256
e2ab6c449995bd357205da3ef3f78b08c7eb362cf3af63e3fe2c655ea96f9667

SHA512
5c85a817d319b49287e5480d0b4d686b398a08e2f3f2b8b68050dfae9d7d5c16384da7689f761a2f95d1d8be1fba725a4ef23310692751f466da0387c0587374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c3aa4a9d12e564d92cf21f678269ce46

SHA1
a4c293fdb846ba9efe826a3cc1ffaa00a99d404e

SHA256
64307a3c0b492acf0701d31627f39d6bf2bc60dc2656527613a861fa126851a8

SHA512
8beaf737e7dc2f41264be6a756fa66d84cd38219d1dd4d57d35a6d784aae0d0692e34a0653923b90be43540b9f3f4d4891077f5ed7d34647972184ddaa258bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
09f421af9a009632f968bd129e415cf6

SHA1
41d1e715664261a45259ba3bf34a3c6b81632ad8

SHA256
ada24116f4028fd2de0821e854b327781df71f76f344a7ec68670f9ecae08a23

SHA512
fab1dfa6002f34b9cfc2bea88ae61e26509db114ce149ede14b9ac49b7b705a4fa85f6c5185dda371c83aed63b671f99566ed5d108ca5506134026522bd39951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c6be67f7aae99da45185d5cafc907da9

SHA1
e7a7f573753e9cc915fa752ef6544ec1b3e3ca96

SHA256
092d9fa81a68ee3d26807dc70b8c0dcefaf9499b0ea2e27d7c0b1ece135053ec

SHA512
2ecad99f813d0766f3249d0016ea2151c4c76312c068afe6db9a374c2feb631ebd78af61fb4b22d1f9c4a23eaf33be97d0d35123a68460de3ca7531683349f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f92b121ed36a3d5bc7ca7f498ab6ea95

SHA1
c10c704f70de8fd7aecbf953f06e39a45b34daec

SHA256
1d3547d2774a13b89fcdde52642dcb3f2cb59836e06defed3b88bc105dc21706

SHA512
43c9479250c73a7de3384946069021bc2da3d4f9840d235fa71a5e13b174b5516d726ad5bf1c17a5f44ca938485bfcc008901fce13bae56cd36461de22b7400c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
635ab23272b1151bb16f167e1217cf3c

SHA1
734e321faefa1bae015b5d784a576a9ee55c9521

SHA256
fe2f1177b2bd010da80dae498037fd50789606ea059970aca5e13bdaa21d8784

SHA512
74093cfaae3f6664372a34f33583a99b59b71df8f4fe1c74375546e4e815ab2780e6c94da394a20721a45bb3cc89352bb49ab72e8600b22630e8cb7dbe1d8b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
789B

MD5
fb0b63cf00f8e2345bdc20759c7e133f

SHA1
3b9282fc5ba45abf3c85cb5cf98d3a4a92655e8d

SHA256
184104ebf18731ecfa25876c7cc5cae717dcb0073505738867e0126009ddb0cd

SHA512
9b3f60575c404bd2239f09e98b135d3dad1add569462f0349c519f6aa620efaa41cb89386fdedcb134cb36f063ece9bcc6372e285d4248d61f42918502d78562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
170ad8258e976c068d5bc1bc79a48c00

SHA1
8be0562fca8a6ecf9b81dc199bc511b7f2f4827f

SHA256
995350355c5b2d7f6472c8f920574a1ccce53bd8575686f7726470079f5262b6

SHA512
1aa6e3dd0fd364d0021834a08d980748ccbe162cfa0cbcb3d1d5c99be1dd1ab816585aa40adba9b820d8d2690ed7ac1f0c4239c54bdd670ab6f404cc8949360a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62d69fed225dadc6ddb0ff29e6f3ae0c

SHA1
8dad8d4b87ff9972bf080171a396d6f58dea30ec

SHA256
15ac58258134717d7ecc7e6dcd14c9046ae6b57369e73bac9c9ea9a3c31d8191

SHA512
baa09755f404b2220ba1a027286a5fb871f74823affa3e26b90e26d1d429f8b577e5f9c0899a0ec339cc75889b0bb1b818e4e2a7aba4835a5ddd8113559d6a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60f29be2fb9ece9b66ffcb73f71e81f5

SHA1
24993d6fcd2529f42819a842c3ab10ce2717d0fe

SHA256
a328e5a987175fd498afe5fe7e2f3c27763ccb95fccbb0f227608f17d4dbb6cb

SHA512
05ec68f7736455861ff5b8d89cf91fd77cd780840b2865aee88dcdd634717e3ed56863eafd5efb371b6d89e7b600eea974dde59c533b60e01a8f1dc3627bf876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b6ab264c143ff53701c5c88f312828b

SHA1
8093b6ea7c69c8cce6d6e6b0930c22bda5ab7435

SHA256
6087edf44b1469901bdb059575c76ad2498741dda73969d5a0e401c33cb158fc

SHA512
9d3dde08a34f010d678a2696208655b7e921a337f8cace7f477f9f1453e1d81c3147ba8002e7297daa17c0d90c7013d0b8b6f1e9169071338bddadbd250d55cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d20bac7d92d9b1fd70c51fb004e27120

SHA1
0d1c5caf98063f026445eb856d3431e38932da28

SHA256
d6185fa676c4a7a2c35e34d3759f4ea333893c8032a63b0e9b4a6acbbfe47df6

SHA512
272331a071824fa642d9c7f921184d7ac9076d299353459d3686209467a20f4fb5f808b7b77b532323f8104af51c5ddf68e58ddeb1f99c4d1c99245f4333396e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d7cd0de477517346cd8f672fed45431

SHA1
bf2b22156cfdf3bf742354e969f066add3984dde

SHA256
9db0cea29c06c7c38205c49c4176aba0ebf04a446026e990fcffc024d9f72830

SHA512
721346f97c713952134090a0a2c3c3eeb31f4aca15bed5124593d6803b5864eb99d63c2e5804fda964618dd5cda1d6c1ea06bdfee378a309881779c60d29eb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c0a6bc2b7ac10bd7e18d8f716c0aca9

SHA1
f27f7150ff25ad41eb21c1e90edc3d11246d22dc

SHA256
4f712528ffb5caa4f43b524180abeddf52cc6ccea1d8e75bfae0ec18ac629aca

SHA512
63e6a34c6df78758ad81680d04fe56250a9db4f9f1ffe0c2c399d315ab40c29114dc0132e8217591dfb7d1f408320e8a22c5e142b11954a7940a76e91f43703d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05e859aeccd845356efbf023649db31b

SHA1
01b46ebd6258bffba4d24688a245f0b21d8b2e46

SHA256
469b4c18a3e7c8c13f0563ec298a9badf4b3a0a6c93555ec8c64691a014412ca

SHA512
cdf51a2f937879dc14ab20710f2dc8171c0891379acd93312041ea8a61ccc9de57d013dc7a828f8a92b8f0e7a906fef95836639f5b4e082e8dcfa7ce5861ac9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5a38c3bf2c2b8c9537d509ea0a1fe9a

SHA1
7e83f0230c4f6193cf3cffe23a4590b5dc109405

SHA256
041fae1ebe2e6811919033229964c96308f582c7f8249e7d2f4cf267cb62d5b2

SHA512
f917339b9cee1aef1de116acd1f80789b8292998c4a4ba5a92a8b06d391645c8fb535fb4f6ae976ea3ec1c8de6b39659268fc37724fcd8f7d56abd94936a9b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
179f54cdb0fbace8ba5b842a10efa35f

SHA1
ef36f4f902c8bcc78e8560c9b4188ad8028f3e96

SHA256
9d75226f50114ea4ca6752b26f9cf91fc5e4f5ac5a81d6314f9fa3725f36f31f

SHA512
157b9ab4d856d690da2ebb7520c1452b7cbb30eb6fe0cd211952f6845ea0f242673644508d2ed462d0dd835f4982e106d9a27acbf0ce7eda8653bb68ebf5ae47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff30d2e2b038a0168f35f34d5cc0cce6

SHA1
5e928c990e37f726337c1fa5ef98bee5c2512370

SHA256
13ad0bb1c6a54a059f0857b7525077dd7ddf3e4875210311325171cbfa2187c9

SHA512
2d8156fa45802034c6e930f56f0b2cd8eee3e7275b3a096efe37c09c841d781cde0bacd11b93419f8ead77bddc257e032215f367d0d8395508d485d782af8d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1020bc57dad36b147876c98b4a96ca39

SHA1
434d03009a22ecadff8c1218d6fb7fc494a0f417

SHA256
277e1d8261bd526938df0ec56f045f757c48d9ee90497a580567ef463180d9ed

SHA512
2fba8f6b007bf6f874fa209b120ad63bb21e857bfec8a8b8bac87ac7b97c8b81fc2b21552afc080af718e556ceef2948ec83d5a1d75eceb2730ac72bdc423e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
086a51b90d99ef0b2de43808cf219282

SHA1
871e31a64792766185b5b06faeff9be692812667

SHA256
f818977b8d4af3f0ae4d70c8df1b6d7447dcab3ab6d7fd1b5be6bb97382063c0

SHA512
f9ced12475f3197591e88c3fca46c57de348bb8ff24412ce54410ac9ae5f769f987777a71a6ad6aafea10aaa07e893f385dd4593db7c8236d011e39636311ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aa30df6b21e146f8232669f774cc0b63

SHA1
de555c769a6e775c2cc399b98c1443fdcf056f68

SHA256
13e86fb26ff0ee950359b271c773cc2f15117ca9075d165019b112f5118bf95d

SHA512
1dcf3a644d1152e5862d69116a5f00d68712e6bb6819a6ea9af86a12cee114eaa56e9e5c13ed09cb80e65bd0f6da27ac984f233aa73322167db87007be723ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ebab35d5216e99d4e667114e5b743021

SHA1
915c98305f459127395934882aec87dafd6f911f

SHA256
c6a0cb8d1b2c8cdf30292b9b6b86b685520f2ec95528cc093a4883030555bb88

SHA512
7416e2550200d49634e6d0cbba65acca517125c8e9116397e2042bca478ec524d6457d2737cf886d4ad40a772258fc8faabab9fe59e150ba51fbbce8df171068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c0d8a43ab08277d28e6719e1c3538cb4

SHA1
6c4428c33c05292ea9baf7112ecc8e2ce5cbcd06

SHA256
c3082df7970e5f9abbc9b345f10fc67f14a76fec9561a08c471fed1fd07a873e

SHA512
19633eab56108005bd4c5595e0ae64a5ac3ffff34fd6c9b7c54e9bd36d995c32b6abd1c70cb295bc466e776fb13b83a5554a6d5ced0a5875b99ea2dda6fe5558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e3cb9acf3a4046cfc1e6649282a149fb

SHA1
21c66056f0d6d829b1a11fa0db2996a88bc9f4fd

SHA256
8db04d7d5091173dcf25930fc31098f6cf517388f4a6fce45438304188d906d0

SHA512
29656bb52369aa668689c1a49cf3d1e461c5b4656e6c2f4de2d5441ae44ea7fe25591997880bcbc0a66c5a6c980dab9b35b2ed4d200829ce9d36a9f2b0b51f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f6a3c19bbe6be24df2db599093574a6e

SHA1
af166b5f8f500f0730b5a2b049356c2c69475ae6

SHA256
dea64a89c8ae13a1947cdf7022a034769ca6cf0fba4d5a665c34ef2b86f8866c

SHA512
30619c493156f464f9c188ef849032bedfd04e9f27ca4bd8898a201d5f97d21763d439428da9fd6ca2360e197910b0ebc301013bcffd29e3686546ecdce193cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7e6fcbf51760411e988f1aad4c0cf7d5

SHA1
218548f688c95c9e15e349924b20dcf19be140c3

SHA256
41461d1315c644a9f567cdad1b13ab63418542e51996ae7a46d53f3e9593a3f7

SHA512
090fb8d530417a2ad51ae351abbad08c5c7681bc2afa45d91159866d7e877fd602545b3917ae18219b3faed01dcf94b6c3c86389ea862c6ae26366e24e6e7941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a2cec2d0a630d7386e0cb7ea05ea4252

SHA1
b8d5a437dfbebd50ff8c9dc9dc8babe1f6855697

SHA256
fc7d764be1d9941dbb529ff4076a190756336f0f607e236ecf8e66e71cd556f5

SHA512
55e1c56b89e03f8515d747c66460893c98891386231f656f0067eaa04649916348aff8773baeebde899eeec7458352b4d5a89446c088de961a60f26dacc8cca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
95ec52a4642129e01167ee1b4b2ee71d

SHA1
e28068a38816af1b04f76b0fbdde9dc259cc9f1f

SHA256
876b37a8ba99573b052f4593ec574c323c60aa7457b6fdb22ab1a5cd0c981f08

SHA512
cea46d98d4b991f7e02d4ae1cecc60a4ac7983a9627084854aba134cbe640d965f10f82289d17910b36c22bdf2765ce59627400e382ca52a7c389b6a3a611876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ccd8b48074468040869d0b56e9829e82

SHA1
e76fd2d300d63c28ce7ddf8eb58cfb722f44c6db

SHA256
0b2e2132f4a989d98038db6b5d361390f3f16441cf82f4d423b7777e1987570b

SHA512
9bed4a89d04fadae44389fe574dd366617d64051d48435edf8c4ba55387cbaf6080c5d039b1d3e397fe8843fd17b6ae6ba78ef46a5815e44e9edbec2814e0bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
38d7f86e92a94000fb7390f20b890ab8

SHA1
cf9fe5d6e4521937c452cbeb17761bb5841319ff

SHA256
4880f8b7b782d4c6501ffc034d1c147f65353c7900343fc7d7e10ecb6c4b05c0

SHA512
37b7c5969273649535c026f00417713f75c24b5d3b15dae54f58c26ef2461cc4a8e31516f9e7f4f4f5c25fde995ddadc6c5b6713d568b8e5abdccbf147398b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0f417cd4fc01e9ec79df091aa09a7e6e

SHA1
cae90b96521dad7a3074315363026dccf6b8743d

SHA256
2462def2aea1fb7a9666e0dac4cf59092eb6cc0237e3703555f09d6dd971e48a

SHA512
da12ccbaef3a0d5fda3ac4de9a89133846a7a6d60116f8c80b00a55ca6edd5269861017f8fcec75885b63ca84d6018a3020ec6eb94cf49eb13392c4f8ea2e9f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f03a765a195be484e6aa41ddcc719ff1

SHA1
da1c6bceeaa195ace6dbedc4b107ab9a71f691c6

SHA256
7cb7130cadf8f58b8e235f3b55c009da5832e12c3cc8133460c9470fae296b69

SHA512
9937256b5ef70c5d079a079de9b90ccf8bcb7a749d44d3540b441ce27c26647a514cf7d48c242b45d849474f82891794796ba1ee2aab43a7de7aa52577bd3173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
cb65bf6a748a737c77eff9695a031f7b

SHA1
07334ae0cac404bfe90caad04dea5c466913af32

SHA256
1521de7467b50753fd1fb6a18de781d8f4736e76148ab906d82585e46a68efbd

SHA512
47d4fb65d428b5e21a2674c86c3125c4fdb9070f620232353e25ad38c6a730ec94e01f17d7880ed209d82f014e8bdbba2b1d3bfe0b3eabbfa0ca5d343404a5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
4c3a2251d09ea927638f1c8e23e8e80e

SHA1
cbff08228d96da69e2568dcf40450d2283ea2f7d

SHA256
89533600246df7249fb14154d7c1dbd56242174a2c45adc3788403be4533ca5e

SHA512
34cd50fcbdc8ce53c678b8486ae8381a71ebaa037124bbdc52f1a928f0088de6cb37fe3a840a9e1268968c800a60546d666189dbb5df1c3414f4d5f51d905ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7ddcf8e6ac0d7c125a0239d97640c51f

SHA1
deccdf2e46cdcca30de383a5f91944d75efc4871

SHA256
241c24f158331462eefbce7d394a64dc0d4d1cd999f412ca7912d8fc15537880

SHA512
27979ad574a814392c1529bb09206f8d25fb0050e6f6f40fe5910a33e8961c64216c7708056d0b8f55fddbce85fbf1a455d07d0bc0db2e6d039fc0e72058a736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
9506fb408f076f4d86ec03cd8c19f467

SHA1
e087bd051741062f4feb5ee4e715c48ea8903eeb

SHA256
ccc21a4cbde4eec812cd1675d6e01bde8d8d99f5397c8723e984609f5d058c97

SHA512
5e84b8b218777b189d058515d670e8821a13c9a8ee05d9981431b5943af288b1761e5f461632d994959e146632808dd4f7d9e30249e03e777b7aafb329a7f1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6d632754af73bc7048def84314261616

SHA1
94587b6a8810c6fc74b032ce105324e21b0a35a3

SHA256
0fdd87e098c447c254f9b861774139deddf8480cae4e35b2615697d8858d7999

SHA512
669a959015cddf7f3c514797cac65ec9ae0f36ad42f7744342a3686d1daf4c85915fe805013a3ad1dad5d479360aa529924a9ef3d6f7da99eb0e6934a96a17b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ac361.TMP

Filesize
538B

MD5
c0d344e7fb8200afbab95aeed4346e87

SHA1
867878b21930d922dd0ef1701178b82a48090c5e

SHA256
a35a5acdd6c2b22d93d1f22daa6521fed33c0917b360e4aca55455bb150b5b1b

SHA512
373fae65ac1ab8ba8d364acb86a3c4eb12a01397855411b985d15797bd3df1f4a7a95a713da08d7c34c0bd86bb761574693fac0adf56054ea9f9f65e318d56a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f1525984-fde3-4d2f-99d2-3996d3a5621d.tmp

Filesize
6KB

MD5
1bec7eefc818f591357dd10d0cbf1d42

SHA1
8dcd403e73761f602bb3aae4f0aee71dbb18aa2c

SHA256
9a8d1f5db8559b3460c4a57370dc981b5f984cb19c5dbf01f6c76e6086aa19b2

SHA512
09ccd03ea7168ea9635bdda9f417f55cb4c8aaf0535d9af1193bab0357dec9fb63b9bcd24eb2269428553e5bfd47056007ae2960d79149da291aaee7ba35a925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
55d894d4d2e0a4d0f94e189c1a8acca2

SHA1
82f2e744da0e9c8f204c4df8a70d9fbda3f99d25

SHA256
07aaa7e12f230ec0bf2bb728e9617c0c81340d0d5a6d2276272abb2d7770598d

SHA512
539382799885068e7d33da5eeae2fed8851b0b4dcc277d53bba49cc58d56fa2326bade702a5082342bdb07801d9aaf8ed9bb115e85a014f929783d9d5fcc4faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2f9ba24b509b53645a1ec13ea096605e

SHA1
50cdcdb9fabbcdb17f9c300c86a986549aabcdb9

SHA256
19646a9066a69f590a1ea43300fff05477333971d7bb50f0d2387a5681f3da2b

SHA512
aefea7070c4c1e23b380fd91ea6429ebc2e5d8f21defd068efeebc5d115d7d9d1555ee96118232105b2156a0fdd892b62dc6ddacfb712748234d5ce89dd43a06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\2496

Filesize
3KB

MD5
8cef0e0fa91079540afb39fa191f4f4f

SHA1
63bcd3b48ed61ea11fe7ad4484f48e51ef60e70e

SHA256
24edbb948aca51b09d72fc68a3864267e49a5f5cea4cd6851fcb91ef68901318

SHA512
e538d031b6396b15d819592bf12db713886309a9aefafab2dd0f4f37f809e18fbc357e92e6bf19a47d89501bf37ff6c52e7c9fef02074329f19445d9d8d4e26f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
96f1330285f13c8eddf4bf0f418e9271

SHA1
8e1290a3581988ecc1fd51ad17fe5e8f0acc2e5d

SHA256
69928f89cd74a199eaacbb88c367cbf14da29ad934708a8e46c331c7c94663f4

SHA512
c415ab92473641b2d7f03994af8e1dd9ed4fcca26021cef1ebdad40b26f122e46ddb7e60f1f80570e50ca9d4d6bab4b9002b1232b545391f9b94bdd7e15a8777

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
95680c2616f4a432917116e9200d84d5

SHA1
42e2c5f89a505804a28ad07948050fd2fbdcdb25

SHA256
ef616504e6650c8cf30bcc20e9f2251fbd52f0a78d736edb5989a10698afb2ed

SHA512
7ec9e768703bf61a3729fb8cb3d69437d45e63b330321f1e05614b89a73f2e151dfe32614c1e046b7eee867b4044e6387b9f7a18400e066df8a299125d9a015c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bee0cb1a9dba149d552005f6c8968b3f

SHA1
f4f87f29ecebd2f755d7046d9a72e1dd1dbd1b42

SHA256
bbe83f59a0f8c975520345d939427acb884961e9ad7b73f2b6e7612650e7b31f

SHA512
60248020fc984c0019cb6eaa22eaf298bd57fa9d82ddbf3d0ba57c2fe7b21939d9b8a68d7730c0eba4dd9ce95f68ef42262f0dc66969e503341aaa2af4fa9482

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
23165f1542d24b6b477baa92a4c0f5bb

SHA1
eb336fb43e598b97bd63afbf72265e69c2c9f205

SHA256
90eae31d01ce55433e60f2873b9de06fdbd79a42e76cbbf8004453997e4fa76c

SHA512
9b13d46037c7394c20e22af36d219f0f50a43b624aa1c833d328eaf89a5c3488891245dfb83c4e3082910e873c4fd8e1691552252566ccfc0ae6a93c574258f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
074f28f322d8a50001949d9f162a0079

SHA1
96fb4990ff7e11a157d07f95830665101f0b4e6a

SHA256
8209bd772e455a6bba8f3f5373f64b9e1090647567df39bc4e87d2f782799da9

SHA512
3540fb190acbb7e9ef97749acc38e8cb28fdeb8edecf3184faae0ce6b244fbf0f60ad1bbef6046c21411da845475fc74bbc8b13ea93de995216ba2fc505a0d68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\pending_pings\6338ef1b-1467-4f8d-9bed-4ccc175d8291

Filesize
746B

MD5
b45befafe423eb001687413a3e3d4b0a

SHA1
d13fdabcaf9343d2cea92df844fdc337fbc36435

SHA256
92d938ae6916515fab01651190ccf43841103d8fb5dd86f059183693000e0519

SHA512
1cc295244bc6809ade4bfbf2d672525a39762bfdbf52758bee6dc0c420da8c6529168d514cbc8e7ca017aea6e436b71cea2c09197427a754e9bfa9339c11b61b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\pending_pings\be860764-7ed2-44a9-9477-0ada66242813

Filesize
12KB

MD5
67bc60d1549343cbfba87c03b8f77cfb

SHA1
b9647e96a86cfca59bc1526bb243a2111dae2806

SHA256
59440981dc269af595a84200d01f4d571df46d2b075f7f80665794bf5c0056ca

SHA512
ec6895345ab5c9a7d18adc5ab1f7bd16f2b7907b2596dc4f9a1cfcbacf4e51f7306553b95ca867420fcb671f31ffdbdbc3abf621060a89bbc5375158cc0214d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

Filesize
7KB

MD5
9528a4afe30afa861a3f02e55bbf35e7

SHA1
99fe5be8aa6763eb4cf442b49e6d625722eb9cab

SHA256
f166befa2f5e3642996b98dc6a155a7338778d91299a052b93a2c51612cbf877

SHA512
f85778bcb69812e4acd68da8eb09e15d35275e669a5a2fa9344f81e629c84c61658783b02abbf4f13313f9bd2139350c2f5748b2e52c5f593fde33d1f04bbaab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

Filesize
6KB

MD5
d5b4784787a569b36d4be3d1bf52b144

SHA1
bfa2823c4a318cef0c3698c2e3b05d53d31d3b4c

SHA256
4fbb79b5963523d1da748d1f7dfa01afdf97d08d396e61ec43f4ca016cbd076c

SHA512
52e683e92ed0de2536730f7c378bcea7c9a3d37d8dd9900f5eb08f5119f942688803eaf5d4e6c0c95e64566a98d90e96376f973d05865dfe8df8b93e90919de4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

Filesize
6KB

MD5
ebe7d55dc28340cbffd39772be472107

SHA1
01edd77fe10e6d8c56c280590470d6f6f51789a8

SHA256
0143ef38ccc7b2379775d1b3aefc599f2c53cc936ee353374ad729b8ea0fe938

SHA512
afe1e5f08c25a82772e7b50d1199421fd0510e725ed7ef93ef8efaba04ba59d49a64d48e82f162a017995be4b96347a251cb101e71e0725e508b58cac509782e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
937d31c35d156f546e6b060747f41ef8

SHA1
504be4b0231f0e48a6defb63bd7b01fe498a6f68

SHA256
7e9c844124d26a4ce443d57dc1c99d226be848d7a68b36decbae9c80214c0512

SHA512
2e7869b0711fd5f78f435686265587a71365b42c73be10fa66e7b09df45d01210d8e511367d654122e7f4be89505bfad743608a768a5d472717d6a0f1263c59a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
fbe462cb236a5e4c3f8d22d1aad03e2e

SHA1
06edb66ae59f9d56e5f48e5fccdf06bd7a9a8deb

SHA256
9aa7b3a2f4566dd010206eacd75df70cbd460bfaff5e3d1dcf07ab8264956435

SHA512
3fbedb0b54a882d4e3cff53d19ba708fe26c37d42b21a5263780c9af52c6bd59605afb9ee327be541c3f8dd31a0c2316ca3ad8ac68d0339ffea4e5ad958c3552

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b1a9f1c26229aff0731599d8d76cfe57

SHA1
460c954f77ccb7337c808ff2b91f555cc5f243d7

SHA256
1dc94920373278bc99e00e3698694aec3394fef9777f4cc7b89dfd0fbf90f4f3

SHA512
94e16224cdaaef8b2877a0b90ca001addcb88b7eb1e9c347becf6fe8762922540f04a5c2bcd13df770835edc43d5ee2d508746d2411eb9d1117212bf7e23818e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d16f55d5c88cf9ae550b8430a0caeb40

SHA1
d6f0bf0e26dd2b356d69887c6c0932ce39db86cb

SHA256
c29093fecf80e11a5deed93237bd4853868033e22e6351323cab2dc9365204fe

SHA512
848314032679bbef5d314c5b74361776d7fd1661c054647b4174680da01f92914ae6f06ecec2a97daaefd0819be75d28c4ca2b01186a43f97d6fcda9582d4aec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
d9c484e43a97ad415b5ec47ca9224871

SHA1
e9d4ec9601fe29775133b38711eb9910066f5ada

SHA256
2349bf91dd4520010d695391b80a2936a6546604bea0f5e6e100c6a277d18179

SHA512
b447695055af5c332e6f4aca9b81644df03aa04d1e6387d05332a3848c664926ab5531085ed65c95cc43580207a8b0eb1072ec76c4fe53d834d819c20c225f92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
fa3bbedb9bd845c908af1568d684af02

SHA1
1d0c43b854ea5268c1a907c6e61895a9dff86b8b

SHA256
b0df6aa1dc71e384fb27c7a545e5a3d240e9c3f82a3d1fd47255240a19b3000a

SHA512
ed10de8982456b73c2ce4d0656788834028d11c7cff77ac599362f989b21724eb12c467048405a5fcb42b5737b79e1f8d9e93b3cf4f84b2cf74b17221adfd7d6

Download Submit