5d12fb93a3f9c48e0863da39809270af03aac542b74f0145aa3fc4e033b36ddf

Analysis

max time kernel
1049s
max time network
1054s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
20-04-2024 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MultiMC/MultiMC.exe
Size

8.8MB
MD5

4ee74c0ca63eeb136a22187b99716124
SHA1

6a631c7962a56639bd575c36db7aed06b10d12a2
SHA256

2b4370ebe060ddd5118544102c4086524adb3c686cb1a8aa3050e5eaeab44ef3
SHA512

97ec33b4f371153d55d3d6f4f0dece5916a16f6cef0e84e7af49a3f3a8a457fa104102b5cc8d7f0771296bc12a0791ac7f8f02a86f1ed689010317cd60d1ea0f
SSDEEP

196608:LbGWIoKmAgFXrqzADUBwYarj1iojUDF4Y9JE2vPVlVPVqLJ1VZVVx5VLm8V8sVVw:eW1pszAeSWTVlVPVqLJ1VZVVx5VLm8Vg

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4064 icacls.exe
Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4064	icacls.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 53 IoCs

Processes:

MultiMC.exemsedge.exeMiniSearchHost.exemsedge.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	MultiMC.exe
Key created	\Registry\User\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\NotificationData	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000009458953c10004d756c74694d4300400009000400efbe9458773c9458953c2e000000e8a902000000040000000000000000000000000000003f0a38004d0075006c00740069004d004300000016000000	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	MultiMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	MultiMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4e003100000000009458783c100054656d7000003a0009000400efbe8c58316f9458783c2e000000735702000000010000000000000000000000000000006381ef00540065006d007000000014000000	MultiMC.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718508534-2116753757-2794822388-1000\{BBC91F29-9AB2-42F1-A038-0E3384C30A86}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	MultiMC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	MultiMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	MultiMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c004346534616003100000000008c58316f120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe8c58316f9458783c2e0000005e5702000000010000000000000000000000000000001b2120004100700070004400610074006100000042000000	MultiMC.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	MultiMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 50003100000000008c58f77210004c6f63616c003c0009000400efbe8c58316f9458783c2e00000072570200000001000000000000000000000000000000e76c09004c006f00630061006c00000014000000	MultiMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	MultiMC.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

MultiMC.exe

pid process

4348 MultiMC.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

MultiMC.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4348	MultiMC.exe
4348	MultiMC.exe
2372	msedge.exe
2372	msedge.exe
4640	msedge.exe
4640	msedge.exe
2308	msedge.exe
2308	msedge.exe
5064	identity_helper.exe
5064	identity_helper.exe
1028	msedge.exe
1028	msedge.exe
2072	msedge.exe
2072	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
2272	identity_helper.exe
2272	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
3940	msedge.exe
3940	msedge.exe
4600	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

MultiMC.exe

pid process

4348 MultiMC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

AUDIODG.EXEAUDIODG.EXEfirefox.exe

description	pid	process
Token: 33	1476	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1476	AUDIODG.EXE
Token: 33	1788	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1788	AUDIODG.EXE
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe

Suspicious use of FindShellTrayWindow 55 IoCs

Processes:

msedge.exemsedge.exefirefox.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

msedge.exemsedge.exefirefox.exe

pid	process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe

Suspicious use of SetWindowsHookEx 42 IoCs

Processes:

MultiMC.exeMiniSearchHost.exefirefox.exe

pid	process
4348	MultiMC.exe
4348	MultiMC.exe
4348	MultiMC.exe
1500	MiniSearchHost.exe
4348	MultiMC.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MultiMC.exejavaw.exemsedge.exemsedge.exe

description	pid	process	target process
PID 4348 wrote to memory of 5096	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 5096	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 2856	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 2856	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 5100	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 5100	4348	MultiMC.exe	javaw.exe
PID 5096 wrote to memory of 4064	5096	javaw.exe	icacls.exe
PID 5096 wrote to memory of 4064	5096	javaw.exe	icacls.exe
PID 4348 wrote to memory of 2932	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 2932	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 4968	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 4968	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 3168	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 3168	4348	MultiMC.exe	javaw.exe
PID 4348 wrote to memory of 2864	4348	MultiMC.exe	msedge.exe
PID 4348 wrote to memory of 2864	4348	MultiMC.exe	msedge.exe
PID 4348 wrote to memory of 2308	4348	MultiMC.exe	msedge.exe
PID 4348 wrote to memory of 2308	4348	MultiMC.exe	msedge.exe
PID 2308 wrote to memory of 1948	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 1948	2308	msedge.exe	msedge.exe
PID 2864 wrote to memory of 3312	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 3312	2864	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4484	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4640	2308	msedge.exe	msedge.exe
PID 2308 wrote to memory of 4640	2308	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4348

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
- Suspicious use of WriteProcessMemory
PID:5096

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
3⤵
- Modifies file permissions
PID:4064

C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:2856

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:5100

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -Xms512m -Xmx1024m -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:2932

C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -Xms512m -Xmx1024m -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:4968

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -Xms512m -Xmx1024m -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link
2⤵
- Suspicious use of WriteProcessMemory
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb362f3cb8,0x7ffb362f3cc8,0x7ffb362f3cd8
3⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11868074116709806900,6672359647445730096,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
3⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,11868074116709806900,6672359647445730096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb362f3cb8,0x7ffb362f3cc8,0x7ffb362f3cd8
3⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
3⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
3⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
3⤵
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
3⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
3⤵
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
3⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
3⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
3⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
3⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
3⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
3⤵
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16887898630138686681,15358031604855923324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
3⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link
2⤵
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffb362f3cb8,0x7ffb362f3cc8,0x7ffb362f3cd8
3⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb362f3cb8,0x7ffb362f3cc8,0x7ffb362f3cd8
3⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
3⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
3⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
3⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
3⤵
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
3⤵
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
3⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
3⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
3⤵
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
3⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
3⤵
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
3⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
3⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
3⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
3⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5700 /prefetch:8
3⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4120 /prefetch:8
3⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
3⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
3⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
3⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
3⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6796 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,5239760120693892262,17115363722479613986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6420 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2356

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.0.2100179021\1173178666" -parentBuildID 20230214051806 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7cf80dd-46b2-4b8d-adfc-c52e265abfe7} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 1880 2c3f9fb4a58 gpu
3⤵
PID:3368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.1.1084124539\1180028837" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad2ce4b3-baa7-49cb-9b6a-13c10cfc18e6} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 2404 2c3ed189f58 socket
3⤵
PID:2264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.2.174891798\842630324" -childID 1 -isForBrowser -prefsHandle 1396 -prefMapHandle 2736 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e47b1d81-c0c9-47b8-a768-827f712cece3} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 2656 2c3fccf4158 tab
3⤵
PID:3352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.3.1400517361\186686131" -childID 2 -isForBrowser -prefsHandle 3388 -prefMapHandle 3476 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3af7d3c-30df-42fe-9176-53f3e4e61188} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 3556 2c3ff7fd258 tab
3⤵
PID:1360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.4.1240826100\1004986733" -childID 3 -isForBrowser -prefsHandle 5144 -prefMapHandle 5128 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {335454bd-2ee6-4fd9-84f2-6f35a22b2172} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 5156 2c4011a8a58 tab
3⤵
PID:864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.5.112065015\1703246966" -childID 4 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b14bc00c-7cf5-4c4c-9da7-233311c245b3} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 5372 2c4011a9658 tab
3⤵
PID:1100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.6.1222295462\937146297" -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48b25681-4006-46c2-b41e-208ae88cb23e} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 5500 2c402197f58 tab
3⤵
PID:1324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.7.1593186422\754588970" -childID 6 -isForBrowser -prefsHandle 5880 -prefMapHandle 5876 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dc9ad5c-3741-4598-afe1-544c5206d6bd} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 5884 2c400f18e58 tab
3⤵
PID:5092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.8.328639179\105146172" -childID 7 -isForBrowser -prefsHandle 5140 -prefMapHandle 3724 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60ae2411-0f0e-4518-9bb6-04d11aabac53} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 2528 2c3ed183e58 tab
3⤵
PID:5960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.9.757559478\1656297585" -parentBuildID 20230214051806 -prefsHandle 5760 -prefMapHandle 5196 -prefsLen 27695 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2eee263-b352-4156-b457-68e4fe8300f2} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 5344 2c400bd3958 rdd
3⤵
PID:6112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.10.813594679\31169754" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 3820 -prefMapHandle 5764 -prefsLen 27695 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86434b90-edf3-44cf-a237-efb3e882e9a8} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 3788 2c400fceb58 utility
3⤵
PID:6120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.11.141400814\966486834" -childID 8 -isForBrowser -prefsHandle 10304 -prefMapHandle 6340 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aec2fb5f-5a93-494d-ba05-74a2c0b987e5} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 10308 2c3ff42dc58 tab
3⤵
PID:5516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.12.1995523915\1524061281" -childID 9 -isForBrowser -prefsHandle 5980 -prefMapHandle 5976 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d632f0d7-db82-457d-8427-d39b461977dd} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 5968 2c400bd4258 tab
3⤵
PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.13.1473477529\376169848" -childID 10 -isForBrowser -prefsHandle 6092 -prefMapHandle 10292 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6ad97bb-3930-44aa-9dc2-995c61934e92} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 3412 2c400bd3c58 tab
3⤵
PID:5388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5100.14.1715369631\412624772" -childID 11 -isForBrowser -prefsHandle 4444 -prefMapHandle 10004 -prefsLen 31308 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfac482c-96db-4983-82ac-4a4d50bc3e88} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" 4524 2c3fc33d858 tab
3⤵
PID:5760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
50fb5c7511719fbd5a57fb3ae211a971

SHA1
f6fc184d30e8d51a9f3790b2c14ed79c0191d695

SHA256
631ef3013fac1ac571f00a9bd33a766d1cd72794699215a1ecaad5bf8c1ce1f8

SHA512
9878b1b93a7b6fb98f488d79c070d26941bc4d3d9b38c85eb83691bcf9c7e2811696a2ab5c9262aadd31a22bd6e8ec81e2d1c398de9df26ecb690e9c34f7c84a

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
f4de22173699b4d8da8366e8a3999785

SHA1
e01fb5b04ad7d2dc8618cd184bcbb6879696ddc1

SHA256
5a75690a526bfceae94697703fa9b8237bb12e3fc230a38f6b7c977520afb1c6

SHA512
b5c13e5f6e9060ba9fc91c2d5aa5dc1b171e2197b75e7ac91783c4b593d5ad2fb795d77f10d57823bd77fe3768db5ae0ccf8bdc316bce0bfc56987f72a01a6aa

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
Filesize
50B

MD5
09526f5de74c59d7130ea6ecaf24b0cb

SHA1
80090c9cd553b3d7b4e4f400083147cfa8195d6a

SHA256
620a7c7e70eea525fd92a28c0f91b622a726464ed9d68c3f81c57b4e2b383e98

SHA512
4df1236ebd3fab852c0136f835f03234d2ed6368c49069354daf33d9681c50614032aae8ed7438afb1d8abe9139e698cf82e9d08beda96ec513a166a9b10ff35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
938cfbf9deee906bf5175d73fb53986a

SHA1
770f3b15913b64839ed278494c3da0861d0525fa

SHA256
85f73e88e22ffae333c96ef0bb7b3d5e9047a1febb5183fceb954af3b18231e9

SHA512
33b1c4e3b0e70573c4a289c00aa264cc5d0dbbca3e7ab1f84e5d043a2e0cc5f2ae8676567a8efe6668da5700d7bd5133bf571f6ea2800e6c6b2e6c3e99568101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
48eec2a1fd127bced0a0e9038cbcbd20

SHA1
96ff8dfdf13593d68f1dd741cfc7f3b6bf6404c0

SHA256
bd45e9f176455149c2b2057beec1b85d16a1cab2a61781345335147cf7071782

SHA512
7a6dec8205ef8a31b6c879fd3db69e01744a0b8bdf80f48c2b46b047a1447ba47c2151f97367e96d2fe672ea056243f10302244e83859812950dc94ef2e2dd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
e2028c843ba343eaf37f7d4249a26754

SHA1
3f39b4ecb9d66d8815e6d51ad3c2270dd1b3c387

SHA256
fa21d4d9d94fe27fa1b55066efc04c6111e2020c18cdc09f4ef853f20c6e9da8

SHA512
4c1042b78925d4bc5ab60c18604630668bf14f7ef3489899e37d7cc50e50aa46898ffce7f1aafce061df983762be266df1eb325c74d5dbd87c2417b0a4e02dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
28bd9586b711a66f78c9adb46edc9d38

SHA1
f919280f7e7ad60a3383ba22b745be6d3d597eb9

SHA256
0589dd860eb50b7351d18d53cc67d498e71692e0406211a8d96c9ff661143aef

SHA512
fb3a458e7bbfa7b001d62fcff4be4f9be057b853a42449e51e25ab240183908ff311bb8096422b6ffd7f384f032d0e9234ac4c1e0ab8c49880bf25627da784f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
d48237b7d580c8fd1790dcf3a5448861

SHA1
4cb63faa9354fe96b3f3e31b062f4aa0db9a3280

SHA256
1d3cfa032d52f402d3474fea305a8ec9eed0c16111bde1ee0a556116b12affb0

SHA512
8b9ee2235e8f9c6a19f1427d3665bde0e23541c6230f51de80007a8d668fb3b991904ce1348485b81cd4e1e7bdc1c2b54d3edd8fc9d2b9c6bba4a9680fa39786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
5cb506b46cc887b83ed9a83c4897b729

SHA1
c7d3210c3799a64a86c04671b98d228cf5a1037e

SHA256
37df38935e09464ebfe7745e6a46f33f27ef724f99e4635570d319a605f8172b

SHA512
ed536216500897eb3940c3c60026f6f1f45fcaa5d21a4472ff65fe93ae5a952fb8055dc87d55e5b301e440622bd5d90203258e09aaf262d3e387b980ec1b24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
ddfea81178007092f2013de828e75eea

SHA1
4bdbf831e6f5e04255980858c0b8f793d8f9580f

SHA256
99a1252cf48642f818dc1a1479ee1e96feb0c3b805e6cde8d6b1bcac6fa4e107

SHA512
0128aecb174b14ada29c15c1152259e6301bdf610b91fbddfd7239ca856734eef21fb7096e84c0e4d292ecffdbd5eac70f88630e95863d22bede6544b1284fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
d9999472442d079b8f2975488de468f9

SHA1
6d4ff6340af325842d02c918279ba4fedb401b66

SHA256
1cd3e748a789a5d48254e75d29d5c763683d6569e40797de0b538ddea30cf069

SHA512
71627637de64439fa0f2c0decf41ebe5808bc6b0113b2d2f6d25718126451cce659b473e9270a98f9b34659b5f5cb2df79cca51c92dfa02a15c7ac253a0f03c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
6208593b2221a6693ee2a548791ce943

SHA1
3002b905650195a0da8948abbe4cef9cb25bef62

SHA256
ac535706ca7dd3aab94e4a0492b4fe1280ae399d5e129358421a110463778b59

SHA512
edd335e722ecf98cc9c45ae01e99766c4430734d95b62d62806ae2bf727966f2ab52697550a019cc254157701951116c86cb0c993f3787ed3423edeb6ff892f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
fe4a365718779771fff10ac80c82d62b

SHA1
1fae4d5afbec72eb04bc7046305a34373d7c6f3d

SHA256
853648b2ad300b9e9b10cfab71f09cd0ccc4b5fd6c70298f750397f28947dc0a

SHA512
bf2228e9c99bbf5bdb547575423cbe93d710a15f59f1080e9b7af794ffbc73c6fd7a37d1c0685091c30ba074ccfafc30ba2f278754eebe29edb3f1fe18e86a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e5d733a247220d20a6626900a10a4e45

SHA1
bc130e2ae5a7f271f4e9d8e6a0518dd3f6ec4446

SHA256
5b2a5be96147c58154127ab48d22b3e009c35ec2592a0a3acf332eb0ee432454

SHA512
d42b8df45323bb293bb11defd90ed18c3fc0c6f5e56c55e82bfeaa0bc57142e38702f009823515e0fc0956ddb52f0e1502a9c374ca3ea1eba664e9575b61369e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1a945abd890a719318d89b3e9e6f4556

SHA1
dd484cf0c662e91907e37c5f6d58afda0921e47b

SHA256
d7fd22cd2954aeb2d0163132c635cc705230701e60cfbf3d6a576d636634181d

SHA512
45d36ae2bd310cb0dc7465a2bcbcd086f6a828a3e8dbb03c927c33c8ea38be1fb54ce1ab0084cc17c94b0bbc3817fbbe1ba2b37440135188b02e6c92fe37bc2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
91248bac9f8167cb01514577fd1dfc50

SHA1
9d861065ca1fe1acc946983b0a0f5ed6b96ce948

SHA256
b34d4400a9bb1af53f4b903d4f49a966053ca60bd4e84a2ca046251b794d8703

SHA512
3eea49e1321b4e04b2328c07df0bb97d1388b040bae2de7359497ecb67f347dcd13f78e1801d4a950cd7453952a99c7663cb7d77a15108fcc2099e2491d8b431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
78bc42dea48f3506256ead9cb107fdd3

SHA1
1b36442504ddee5c26fc6566d8175b9f6f691ca5

SHA256
25cf923b2445de3492fd6b5c3f4c54b15d1f040f49591c6643f00872cee85f52

SHA512
fbf12be006f008b0a2b898e312c2b0a857347779cf2460a8fc148064f0d62667b534f2b0a050089d98f8b1bf3b596413b4eb2e73a95d9f0fccbdb33e9fcbe625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
04be86642d5b1f0f9cfc9f470eae10ab

SHA1
10bcc86473a28d781f3de971d22ee36ee39e4d1e

SHA256
8311ec901cf871ab2dfb40fcd8e93463a28ae30ec6ef07234bc970560ab1155b

SHA512
387228308cbf62b2c230105aab18387b64504888bbc915df1a67b866d044c6a57029f9111026bcad8275cfe1bc3bf273c67d0d4c6ea6faef65602cc87565ddf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
6ca94fe5d372c2efa2fc6d901a2af42f

SHA1
f702ae9aed7a8f61e8d3d822dd0de140449f5907

SHA256
d37e7593f352dc6c02af786df2694393f953e03f61f00e1c266359bf4a68a59b

SHA512
963e5a6fb19f88a4abb574d0a5b7719711c9d22ec6ca4c9af3ca00266c7e56897383e157f7e530874b42ad3549ace192734cb6e91247010c4773157b8b8674db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
d42620b1e9d79dd153d15843d3db47e1

SHA1
da64ac87be435f7e944f6e9d72ff66490f1327ea

SHA256
2abd65b980746ef1d21995ca62197f97c6690cb1a3a95a295c1c3594f276f512

SHA512
a362f1ca6f8f67ddda225425142636c72190860cad35b664107baa1e2ad598b0e7708cd1565ee81b3c2118deb69f40545e6b81c9ef17af52fd75eb4815c8fdf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
141B

MD5
440de95e29948ddd5a05a808d1535b16

SHA1
7e8c2d91330545ef5ddc8ba4421b1720363002f6

SHA256
492bd146acd28ba2b1af39735c1380284ec9fcd1fc337b06f18eefe4b2ac864e

SHA512
02206daf6399ff14b0665b1d3097d2f6cbded68437b8a2af622f4ea40c4daffb2b375139b6f099c2d70ef82d6d850f7f700d996b5d2dd40162db57b69e26f0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
c18b21b087e00b84283812b886d403f0

SHA1
8ba637843ba2625a9f1e9d73d4f68d7b65f4e821

SHA256
5b9dd31097de71dd5b7282517ac3c8e057cc071142d1dfcb9001f327d91a5cfb

SHA512
dbad853f246b7abab699e3c5fcdaacdbccb65a1a5ff503ad243f797dfdf38e6c09654caad6d7c2375f68dfd86cff4dd583207de8ff7f8bb63ed08573423f7a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
acaeada3dc2c63b445a6ed530d8fbd33

SHA1
d848d8cff16371a867fdd59d5bff994b4fbbdb18

SHA256
39b647259669b641a829b27e7939784b2441f2b68004bd05e9416fa43173f109

SHA512
0f0b9e9c6696263f0ee39b32af6ce42ef65963e30d5dec65207498777c2f797fa762e9bbf1dc31a2f37ab47af09e9b861d1721189891d691b02c8b9fd674374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
355B

MD5
6272d8efc5973258ec201d62917c7944

SHA1
6ff8aa4629a9cbc9249574b78689ab74b605f91e

SHA256
b5cbf9ca992092228e368efc7ce97a3e0e64d83700a1beb979807c98b6645809

SHA512
b011780bde18435aabe27de88c436dab58d640dbe3fb0a7ebc3d461efde86f98531a6bdca581b5e80d513148e7f273ef701af8c87fdd0c99d6df24c6b77a5573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
c29700ef35a941b15d6b5cada8957446

SHA1
a964a61223d42cac323539250dd7a72f2924503f

SHA256
94ed01d6bb0ccac1d6e506ae414d20f60ee984e3097aa2491f04ec72d38e064f

SHA512
b855c742f54de6ecfa781e9dd2f414427c55c264f18b419d04c73d3b3b32983efd0b96b1ca76718a7eebe879e3ad759fa3a4331c1374b982c40b3bdcce77df30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ce646c90ded72d94766dcd4641fcd899

SHA1
303e7e834cac97e8fa0d378e7a49c07bcf8e4c35

SHA256
50d7399e511d17e77eef330d83b982711490bf981f00a746351a6aad018beb56

SHA512
28dda49f82673ff6b85f90b8798afe1ff92e0b2bdbe2598e4bf5f105fb3e4d120135baa60f504d9ca32dc064baadaa05ff757b53d96cccbcaa725361445cddd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
e6c5584bc239d42e1202c5cfde23d85d

SHA1
ea05b6b674c981e27b278197923982197efd9f26

SHA256
20f6d2a47b490a66bfe5a28bdeb495c90bbc1594686294cee3a26117a79633b2

SHA512
f7b7fc167cde5b56ce5fa101b7ce3e1675d6efbe556092f0f4701a20b921aa184d41b79cfcb5e6694fbb689f78e1c5fbe917ba98e9909ff6c9ac8082717b7cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b5656f0c96b8efd85361c023d9434eb9

SHA1
58be00501f53223f15dbcb895293450b75380aad

SHA256
686ec9dde282925bfee187805928d2615e2988d3de91f3ae270b3ed41d56ec1a

SHA512
eceab277f79fb3cc5da20bd8d4ec2285c262ffe4f38ff41976af5cc1a5f44d4637a1fbc1665e502da34e5b016e8711beb8f08d48bb56825ef04090349aad01c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
cd0d81dcc2c43d71f8159835310f93b2

SHA1
466054317f317eda276aff2922dedfeff43b972b

SHA256
3db09db9c590a20aebc2b78bf303009b0f921dc9e0b67428c930f02eb61a64cf

SHA512
cc91891b63cd3327503ae591b2100938f6f06e9533b3b6ac6fbfec31f59281fa334af508ac84b98d2abf6ff41121f35185dc172a9566fffdf61e0544f6ee6966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
bd0d8e73c629449d8b70a502a65e28e5

SHA1
0ab84700c33532e6c9af6533e312a1ccdc51952b

SHA256
19a3607df61abe9cd50e32011c9876ab905d134b709c00f7923b1a35dd3ad056

SHA512
ec6748776cf059115780dbf492bb7281eb5e16dd88e401a5d543d7501da7a6a1ccb018dcd394c03c7090cdba72014584e0814852b3c6cd8c044e51bf92234f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c7a04b5c64bac041d2c072dee7e84330

SHA1
988c6d72c86985723b1620fc61dd46b05157b5a0

SHA256
e7f57ffb8bcca170966896a7a02c5bf7dc86684a0e42b21f352900ba96980473

SHA512
41a9aa231fd6baf63cba3f93b6bb3151b8ee4923419fdd4b14352d0b37be09ad36142d0f3c8ebc1faf5e20af0ce9b28afb5dbf525dfc87dcfadbacd3da6d16aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fa4caf91e95e371cdc0ee372186cec6f

SHA1
d024eafac108ae78981ae73b9e9e29aaa8862c53

SHA256
c0579f4ba3e436a7c3bd8b57bba28a2275e70872cebc17ce51913d749068885e

SHA512
18f4781251e3d96bd0a8cc5a3dfe7f8019216599d9b8a4fbec07e76345c2f100f4260a737a7eb95933bfa753ef036d443c319fce7c465c4450937325db273c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4e0bbe2e8501ed9a777d6d184686a69e

SHA1
0329b8f5facb15418755008aa241336f403b6db8

SHA256
c029ab2f77d6dfdce6649218696f09d46ad714542da1c2fa6c54c3de4e0bfbbb

SHA512
e4bf913b99a1dceaa1efa0825f81b31f4e05320d0c0b7e00b94e2554dd5c92d3b3bc81cd8552109ea25a41116b104806216e6296b8f7dbb284f94b601baebfd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c4b1a726316b922c25cf2b884fc885fd

SHA1
f03e909333f5452f0259c4984df1bb82acc600b3

SHA256
68ae8d11369515dce724281a3042d9ce52167ac9325f1c0e0720bb8c8b1b5d1b

SHA512
3fc0499308433526d8afe9f6e4c32f7d35aa425f3ba629ad3136f0338af8058fed672f98432fc698657d5f5e7fe952b131340e8d1dd637a9e2d11c3e9473ba2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
35b19b0ede917b3a562ecb42203d5425

SHA1
b44c7eef5a765f1a8738cb01c662ac9a704f7821

SHA256
2a0accf4283cfbb3ff60eb7bd743af81a30e7ba5563488523bf3ab898cc294dc

SHA512
76a4416a75e91e0e94e473fe5b6ce6fe3d996bccadb63924642a907e496e9b444bb6cc2c9cde772cbf567e5e8c511e59fd41d97917f9a31a91dfc1a1e4d471cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
487aca772ec6c5ff8086cad1a6db948e

SHA1
5df7839f811e69cfb0ae282d18955c83d11c240e

SHA256
c354a03e3d7a8b15703f0fa1721e6584d2cd61880abc6339a78ca8150f89803e

SHA512
c09f7f427856760baec777e0bf409c34f83adbfaa811ba2969e00c994f9a310e00d2395f50ab225f161d23783d018a5afb5db4000aa386b7beb2b2396bd240ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0d5763cbf8094b988b6b2f3dc3dc6660

SHA1
8ec090ed289988edbad215a5621581e23d0ab681

SHA256
8c16ab9442c207744225bed73be3b3ee4b1007c3f3b599d8733676162db791ac

SHA512
aa44b91602bbaf507d1ac82a4743ccc4052e0fca81f7e8cc355bfbe258f69ddd28df56b79e4c108e4e5ef58a9cad8586e3bf79d3f527b25d92eaf409b92f113c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
40a50fbe1062c20240a2f53442aed663

SHA1
542de57a0fc474b94f33bbfc427b0dc0091530d3

SHA256
b74b02fc1813871e1b9943ea6c412130aef28296b375ba7d4636d7a7fc9aebaf

SHA512
1118f52bb0cf94ac52883560fd4c7f9c497d394ac1efc75e0621c82a7be41837b22a24d1898328aa2b8867fa12e73c51bbfc65465f3f3c7e15e0ba0052ee34b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dfd4c9da3151ba9ac923f746838ac811

SHA1
f9b1771d8279c1573918bd777492d12bbc084597

SHA256
adbee9d8a24e38f33a43f4827c677f5f82d5527cd1466513c30467182cd07bb5

SHA512
8bcc662a2fa1f0f27118bae79049b34f03b00897a7ff974219e5c359a1ea893c8eaa69df6b29ff4ee7c3df2c79ceb53df55e43fc16d892a8a5fe9a110f9793ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
699bb18d1f8b82a125f8713bc793d286

SHA1
e8f3650903d4deb4ebc2794648fd3b5f9885fc0a

SHA256
8914a771219b65216b6936f04fcc371871180abdbf7fc242f9b72918c82e0629

SHA512
c1339bbb7fc44e83194cdcc52590d1c21f28cc3ddcd20725935519506d66559b361b44e1b54d112cd318760443358ed51e52a195cc988c6fb362a3b2ca9a9f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
03526e9cc1712c30a2cc18f06c0d6a6c

SHA1
c1e895f23575446ff16abdbef1159294ed69593c

SHA256
c7432f3d59860297123fdf45b2d8f64650f5e3ed771148e88c134ee4785b35d5

SHA512
ffc83ccf3d16ade6980c6deeca15a733b88c4251b1c965871852ad109842986866cfd6fe48e0c2ab4d447e445dfaff0ee15295fec81cfdbcbfa20bb608967489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
365B

MD5
f021d6b0a40f5d216405116bc2ff75bc

SHA1
2ddb592dd226232fd0c18baf13b57cefbe2f06b1

SHA256
6f667e5932796c35bf7ee54cd1ab9a226a82c7d7b2aceb31f6bd8fab0461fe38

SHA512
252867300aa19a6f201d80b537708805f433b9bab66223473fab044916d884927e684070c60fee89281ac3411b30d4164cff6f3f0fae7d1a96b0c4f6f81240a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
58314332aa90a1764e9a4df86b38a706

SHA1
0c14699ceebc05959c5785a767fe82704c8a2d62

SHA256
d9ed1f7a486e352252d55baacacd3fe71fb15eec590b464f02d6fb7de54f52b6

SHA512
c34e9d6f6fe3a4cacaa733f5653c16924a98b1f4fc69c86f98ac97460436d2ee2dd32b918d2c843595ec2cff457ae9ee0e75ceaa9e2db67e7c2994f661423d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358072362940869
Filesize
3KB

MD5
592688c291bb7785a168181cd7a06096

SHA1
a0f894e753c116471821004fdf55cbda23de1041

SHA256
4108fca20236450fe3aa01d2337f9d5c242624fa58863f3b463ae32b6619d23d

SHA512
6a6ededc4cb3eed748acd0de266fe2900823a26ffc95c367a117454c4238c8e94ad2af65c942ae6354bcd87ceccd7cc04b9627e329c4a44f9aa818b3e088c81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
8f8a901fbb99d3c34d8fe97296c178b4

SHA1
a36c1c873e7d86ea40d6e7c50a9dd54965bf18ef

SHA256
ccc30763c756dca09417fd026a48f9f2ff7ddc7541e5a9dfa098578a4abb147a

SHA512
d3222cb17f92e54994fff0dab68abebedd525a3d32cc852afb698f6b71aefe8ab0cf8367f3ebbd65685968951e1881d552669a92dac120cd4d9f0f483bd4deba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
1c45e46500a3e50d197abadb88450408

SHA1
fd8a7a5939cff28e3a3d9595ad1035fc3ac92074

SHA256
8783da87bda2f10bacfc99e5bbd871c63b344cef0e971130075065d8dc879cbc

SHA512
b68779f2a244cc019b1fad83709ab457bf6eff4d8c9dc46cf2bced6737d525d7cf292d4567a0031a0b7bf7063b291016da9368695edac3b153723bd8f84e6db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
4b78e2d7fb5c405f86fd5607c8c5fce1

SHA1
fba909fedd0d194509664494c5bf4a936714d374

SHA256
33229e64585724b2ad47b4cf042b3edd3b38a09f73ec106bd55fc6722767f1bc

SHA512
e3750f152a3833d860e22e66560ad802e3f7fe82e55f8630f216e203ddfac2c70a2dab0367963e05da751469d8537456ea18ef67196c653c1da74005df28064e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a5554b04e41a051b43cde10cc88cc68d

SHA1
47cda31715f7c846061e25a228262d12ea9f1cf0

SHA256
7cadee73f7a5b6abd982ed782a302d899c8132ec7aaf05fd4e19149e1e66548b

SHA512
582fbc6218b6f946b74bd3c1c9e0ba6fef19cf8b982403c6fb517921c1093811967fbc34a66da729175e405226402873ece3c35705292515220ff3247b0f324f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
fbd47a7d855b2c50408324facc1733e5

SHA1
044b4f0d55e24bf5334ba9c001b10353d01c17d7

SHA256
7570148aa2e9057b56a57075975872b6f9a84f127cea9d4d28f9669859eac258

SHA512
a91f3c5859827855fe992d50ab4755fa262ec00aa1b4c028e26fbb6eba44f4eb4d1de348fb185615940997ef50d6ae2cd9fcb90bd001f8640b9e686e2be9a92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f7b468e12021cd6cc9dd7ea4b97e2b43

SHA1
ad42fe3f5c5d2c854b4562d9db4d14d5417b427b

SHA256
52173c881fd183025bdc63aa7880fa1b5c17e3d330c970ed6a74a3aedf1a641c

SHA512
a6b4744099ade639e4ba93eb14824bf690ccbd7fe78e1b9c259246dc8988ebe2241127d345a5364b14d5e3bff16f42640a43af370bba5d9700ae0448b0db2402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6d8356127fff419484c0f1a2f6c9352d

SHA1
76386c667ccc107d476b57504a21d0f1ffaacf61

SHA256
b79dfe8ce4a1789eacd0a8be4cfa4b5e312edc435bd27d28af87c9f1bdcd419e

SHA512
02fe75061147dcda83d89394d73b310535efab653e137df285e02f05f1db47838b6c089fe6790647efd0529beb53fa0ebcf7d9fec67e1458f2a0e33ccb022fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0469c51678cf8faf25a47a06c6a90bb9

SHA1
6ca59c1d0baaba60c59754f86b79655a9a4aa48a

SHA256
829068c55f6e003294cda572faaef101ed9dd9b0fcd0b6cc9aa995487cefaf11

SHA512
a5852f5322e0b2464b8c4f179291edc994f9ae78413c55391f59912e55db6b3563e185cf9d0905f226a4f8e7e14ad86e88857791f9060bc85f9e283b6ff6a8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
3d3b7edb7cd710f40711df7f7a637acc

SHA1
5cf5501e499be86bba8fa5f73cb4d1462e348795

SHA256
3b138423999c7ae9e7f2a7478d6e8b25b82fc2674a1a13f6132b2bb3fb93ad9d

SHA512
6a3ef6e0f4733d23998f25baf31f4513b93916458eb24969edc1f477bac7c86ab7aa1643f42796117f6c14e6c9b3295d7290a06ed83f131d3021c2b195715d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
a32f1ae91588e5bc6bf0f799997c2a5a

SHA1
f76eabf2a0707b498e9eb124b22118238264967a

SHA256
f81c4d56afbeaffc2210a9742a6018c31385fe27923bb87ab2f84222068c7a61

SHA512
a3230dc09d588e77a4ee1917ea1d40ea0e5225d9be945cae1b3ce41ca09076fc9e85bc600b4a89fe58164928dc580de9648e419e5c693a20f2c017394116a7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
60799ec1c6fe946daed11763b270daf5

SHA1
1f86f3f5dbc5d84c2deeed6a44917f9cb6295350

SHA256
13b4bb32eb8d998347ad8ad3540ff46673738bf3c7c2218ec080a9675da6e5d4

SHA512
395f339bda505e10a3b0279acaa46cc9598e9c6795c1494b8a25d30368661c9d4485f6067ace7579225f2d53e7b0d52fd949609cf34bc2ef800a8f9679190594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c07dc092173b431aa07d8ede91f757e6

SHA1
f9b3c0a9b6765dfc545196e24a3ef8b17e66842b

SHA256
bafbbccc86da1ed1e5d8c4e1b50054a2926f14b5d3920b647b9a2fb9e6351daf

SHA512
112f4a0bf70b86a81a0039ce5e2431f1e9e57a7fd57b523c658b3ac95012f3111c9a18be13b54443c649d012424f36b60c7a1f865a7e31d89990dff5fba28907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
dfa46581c500b77aad011a24bdcc7dd6

SHA1
c0f8f3aeb8919eca062a8d8dccabc8918065d1c8

SHA256
ed29aa07f9f417c82f462463c3775ab81d1f23cb5eedfc928517aae1517a84bd

SHA512
89f9a2e11224b8ad5976e9ae8fd2fa320b351f9a88f1f476f7ee907e7c456c26484d394dd54e4fe130d191e5409a36e2d9cf608f1c86b54000cbc5074975cbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
701B

MD5
107e29eda7d7d70207ea1eef3d659523

SHA1
6a5ae2f1674d96bbc6925e2cca19d453eb62ecb7

SHA256
a96bfba2f8bd0f881ec0a1d4a7755a27dff116bcfa5e7f624c3c7ce77b704f7d

SHA512
5d9f4139645b8106602293cd62f9edcae3de7713001264dfdbb6a7c53009cb6737754dc8c5f87a9141b056085091f34001130cc8983c994251560c81730b9e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
83c98f48dd323d02adf3ba82f4c3f96a

SHA1
59da800d3d56bd02b3432cbdef8e1faec85a49f3

SHA256
17755ba7b4904102e0df8597190ed36f0ed6403376717add78b7fcfca2248f04

SHA512
9b1ffeac0b8242de3d3d2ac0a89b8565584f97d4cc23d313b83dedde82b1ba86e94145d6d4a2bb71beac2cd165985f96d21939baa093afac94f96678f0adf91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f119705c8b441ceee42347d449c62829

SHA1
96b434706ac37a2e3c1218c0082ee3889fbb2a2e

SHA256
c0570f4acea5cccabe36cdb46f8afb8b99d48dbf6704c44cbba0b0a231595658

SHA512
8c2f5c6309a6d299ceba04ab1cec8883b3f0630c308d86367e95139ff24eac2de9584436aec45c4370acaa01808eeec7c470f4f6c94db8c91bd6b14604df5344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1962aaea99945a8401e654ce9f85b4dc

SHA1
1560877fe595127cb4478bd25c793c85c35cc13a

SHA256
0e3d5cd2a8eccb9b6cc474a7fc2564bee4f36961defba7fac854b7b6dad37f56

SHA512
f1d2e378bb295ebadd66a9494a66b2cd0d334baaafa257cb5d99a32e700ada5b0eee7c3874ab60e3f14d366c297d5fe23de6fa272e0e6a83131a29f671a120c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
24befc5569ae25f6321d612d428107c0

SHA1
37445e5a2a3d5d48a3f81f268331a58deb58550a

SHA256
8d1b2c931bb9c8878ed1d176df962bc6ad1bd4ada21919635c7dac1618ace012

SHA512
55a1ac2142fe81abd6f494ec2c42f714a2b163ac6bdd4ca525d7028a593e1660c8015fb76144cecdd07ca6859f03e55c44431d49b8fdfbee3a1ed723149baaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
acedc27a7d4aa12aa6eac7a9733371d9

SHA1
a3fa422d41134dfe637e743159755c4b6dd20bed

SHA256
0ae62b61ad1a3f4cc600ff7ac25cf2f59e55928e20537753672cf95861d29253

SHA512
c66c026a3bcbfa4c8e207350d1892199de84437d69ed58e6119e25421e2cfb9573be74c280fead205bfa9e1b81a1a06ef2342c90f0721f3d62586a1cd1625b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
48bd8cf5532a4be11a998ebf64ed1b25

SHA1
f38de3864a1e1f86bfd9b745f571e5dadaacfca3

SHA256
ea9a340208dd20fe58467bd971903cc1a0c701348a1f6688182f8fa299708d6e

SHA512
5a6acaddc4bf3b265d79accfef3df5d49e77906ee74f45ca369c0b0a48376261d11a962f7cc72f045c0252d52de4952360aa65454adcd5bc01d9516d5e840b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e5cb590e021f8c61793c5a1bb8388941

SHA1
8032a2de424121ed9db896bef6933031bd425657

SHA256
195636005c78c94fa047132e56da4e526a9d907d93353aac1c8cdae92210ce8f

SHA512
95047021a2195449377e73a8e64497c0f93cdc03b4e83bb49e3022105bf7d44869d49bfd22f0200113cd171eed738f1e416ebf11b07d3c5797d8a1a4ccafb280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1d89e2b579a944549dec29578aaf7b44

SHA1
a4e26064e8f67816e27a476123bafa8a5a377eaf

SHA256
bb201fb3ba6e647657c301961130d213d45e75e142491b27017c9f3ad5f84a49

SHA512
b7ec1de4262ace9dff8ab221baf418bf3af828c1909bbba13e8d3adcf48d5cf69272f73ef0acd7324fe4aa6cdfa70c7c305384f70becb8a45c9c4d994e93204c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b11285ac4227d1fac1b52d3d12a84ab5

SHA1
5b5a9c8cba478c5aa7f8580648912dcb413c1141

SHA256
5a973033b76ac5b5c6c9125a86569346349e6d83143b2d3cf467bc50b92eb2d1

SHA512
800fc7579967df7ad7f3d350921c842b6765cd0610cb9379cc8cc61c599c35b9452b4d3f4561e36e0a961acfad12a573bdd0b268da0dce27b36521c7883b7a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ae32d.TMP
Filesize
540B

MD5
4cf2ce45ef912b374d889863c16d88ca

SHA1
ade98bcc6ecd6b6f5c483b0deddbed253345f25a

SHA256
dacb367b1742abe120881bb49eb23234a06f6d099923e6089cc31b84ca78368e

SHA512
7c98ce85f47151f1dc105a00c7707ec214bfdd0d2b14fece48bf4b071546c3cfa28f44c58674c08ce63499b949a959539c51319bc0b33ea935a7faaa8a40e02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
46101813d229ecf416c55fb057d44872

SHA1
fdef9bce0da31b75a69a135b43b1b75f8cbce63a

SHA256
5ca170b7f613173932e09147b2d1af645bea3e0a69a005e62f6ab9c631096232

SHA512
98cb5abf9801635cf173948ba11c3b2c1bb958244872d27640d0c618d9aa5ceab779ce7fa1a4d576b51ac291e009f1340f7f645ecc210be4dc67fce48ee364cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
112KB

MD5
a2a998fad35bf1c7df356a25217509f9

SHA1
9aa5ec32d3dab4170f31cb9407a45f84d34cf6b3

SHA256
bb67a0243d04b936bb7d26d683740f94d546620f5efef8553d473803fb69fff1

SHA512
6b2bc117f2174a662b8e8a4c13b0c7490ae5fd8143b7b7dbf95699ba8b50a4d628f2aedd1b7510b42a6b136281d6817b73c365e4cbf47f166fef91f92983389d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
a6b2af520a1ebd26845e8fdb46bb55d7

SHA1
1b1f7b48222b6ee68101ce18fe063da0b4d1385e

SHA256
a2adf2cdd75720ec9fb1dc59314baeec4f2eb187a5af5ff469ecad402de1aff3

SHA512
f313a9cf0210c6cedbb3e8cc831104e6425c855a8ca9c0ae86440468bffaa8a3ebbbe3879cd7be4e4e78fb4b81a22a9a1acf97352cfe7f00a3a99892c3468818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
2dab03299e270d0393137ab711e7428a

SHA1
3b7777bb975aade5d06cca8722d203da8a8e837f

SHA256
bc3f40e5d4cc85d19fbbdb65f067ff46a24d4c8a55a4ba1a5290f6046f6a3260

SHA512
54f67b64576fda908d8ba1ab9efb76be63a0f60d322c65ce1a1a9818baadc573541fb6f47af5a8cf8aedb1719d68ecbb0fd9a645afc860da9c9c56e94d2a49bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
44736aef07d703a4cef37d806454d9d3

SHA1
cde6efc82fcb3ac0bc0fc3a86a6a4adcb06d7ec1

SHA256
08594dbb75112d58f5ee93d3f53aa23e069bd5e4b171043087c948aeb0d837a0

SHA512
18d44f10ffd631ecf4378a8d5be04a8f98f5c6b4ae6821652b6f5bcc5f6a3664d3d8a21791de324468de221f3ec48b2f0b71ac0281aa9b5b0d83491562c323c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
d4ad0536a16ec46b80b4582aef507b4f

SHA1
b1f34db5bf53293bed4c6994f29a4a3efa6e8475

SHA256
deca0c21e52d2c8e76e9b1beef00725c264be422e88f561c65e448d333ede624

SHA512
db2110a254db55cd96c545502a9768f632e5ba5ff353e28b9de9c8a3ab55fb8426a951b2498c0114ca81c4e9a09d5d1441ffc90ecdf25bc617a62ebc60e2a90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a5235456280a48bea6f8a5bcbffc0876

SHA1
dcf62bf7c4600d78ea810de08ef47efd89880f9c

SHA256
a4293ab5394cf14ebfafc1e6619176499c7484dac7dad8e5be904563c04c582f

SHA512
625ce94d3cc84a62fd135910521eb073ab1afdcacd3fc6a7f617b122b98736ee2326e2c267a3cd7ba023c4bc59515d74df491f27be7ef049b19297989ae94b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3b9137cfc3d14037b6f5777a94deb0b2

SHA1
08e99570e8b478eb328b3f341209f6d7f93b34b2

SHA256
22e6160467ab1ee62de15d0e0861d5a950cc1fa87fb9d306d51bfc4e1a49d5a5

SHA512
cdbfc7bdf386a5039df4291c0ab2dffe427a026c6a95dd89c14288c0d2ba8f017917b3eb3e8a3143760f0f05c119276d8017a3c01d38936f35e09a259782c89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
fd292ced2dcdb859c0df5ae635470d9d

SHA1
6bf9f271daf26e3c995bf2246bc12a66bc0d62d3

SHA256
f25312700a9cc24899c1c1820d3c0dca6318da521449fdee276f1bfdebb0b0b2

SHA512
ae1de485e4e3e416868dd7a62b1b4e9cb6927c8be683fb96e80de9b0b9c2ed542a9896517b94ca41b7266913bb81dea02235055e6b763a69dd78e155fbabbf57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\activity-stream.discovery_stream.json.tmp
Filesize
23KB

MD5
9ee46bb0bf91b3a5f9c7246a42517511

SHA1
9787cf1606e54897871c2a26eb3ce79084267064

SHA256
eebdd975154c8bb3abdf6927e167d46d4b5477903a337f5a10c734ca5d169809

SHA512
7393ed98433a7b7fa5ba5a045511cc66d70a3d757d83cd2100d90585afec57c71305614c580edc4ad2d3173b31b95548d76806bcddbaf5031bc4e69402019be9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\10601
Filesize
9KB

MD5
8e994dd50ab342e2aba0ebb6b9479090

SHA1
4007a555635d540ca708c1365621e66182f1407f

SHA256
f5b71b4d28bd3d464e463ed35089f2a1435faf91498863c0c348900bdf775c46

SHA512
c2187a868ce8dfe3d2c87377fa10c3cf74a3a9a71dc601853149ae1b466bf960e800031842be199b359b5ab6f237bd551d6a406b70dc8fe3ca6be3ea69959f03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\12774
Filesize
9KB

MD5
89319dfa4ce0a99c8d89b00703ec4eb8

SHA1
f494f29b78b466aabc7d797060a6415c91a526ed

SHA256
1c952da9c2c573b17e5c230d93c0cc83e71ca656055c71c1f4eb42e68db00baf

SHA512
fe82fb8312c41b2b8f753fac60a8696f9dfebc9648cd040e848765a2e1da6ea29ca77789120dc4c71444b08f5df31da43cdcb30b072141719afad3aa201301e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\13603
Filesize
9KB

MD5
ed3dbe22a365309c26b5224ba220184e

SHA1
14b3a17cf672f143a945ab32abc31a351016ddd8

SHA256
a9e2b592a9824e3b949940d5360f35f705e7b8f062fbded7084eae06672047e9

SHA512
40f66e9634bd42bbc18a81d091bdca3292c9502885d700143c58503604e0a0f1e89d991a2b30f070f049bd2f60e75f9a6ed6f75c8e1fa3a098bc90b47e8debb1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\15721
Filesize
9KB

MD5
a4091d6e4f80ae5eaccc5e0c121bce11

SHA1
b5cf8c44d8e83b92a0f35f5598754c3f14732ec2

SHA256
2a4fb996b5bef40444a7f23377971033163147285861242767ee1ed096cb0969

SHA512
abeedbde74ae922bc89126bb10376849076ab8e7beed2bff6b1318cca8e8786f49690abc1b4143050177a3d7c32a011131e11ca92e13e881a9fa200fb37508bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\17518
Filesize
9KB

MD5
d9117d8987c42c27b6098f03317e7065

SHA1
e05b41aaa37397a5c09d369a7f79dceec2b36780

SHA256
8072c9a3bcebebd992f550e0388e2a59ca33b7ef73b388de3201c2b04cb54c5f

SHA512
9927e836232d22dca61de5ab709b5c72610c17c9bde9aa0ae49aed5517770d16054cecc5358259a97c356dc2f6eeec6db4371460acd0a0523721f4d46d11c9a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\18859
Filesize
9KB

MD5
f5be195b2f11d86214b13925510030f3

SHA1
00bf9de7c49755f044c6ae08ea63b07d230b9df8

SHA256
bebf6029f681122ffa7aef0ec0f2fcc928b72f3910dc80ca5007d311fa567985

SHA512
2d2b08bdaa42ef01897935b5d66f25204ccbe9f2235e9b93216c3be3d72cbc4a9f9973aa07d25b7de55bbfb683f49f0b9d3568ba4e20bb5a4289d8cf2fc7dd55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\20064
Filesize
9KB

MD5
c15ba78669f8e1249c24868888926327

SHA1
f3d47842cccc285afeb4a2febc3e269ebb418252

SHA256
9f864d6fd9974a6a42a4ed0a9705e78d7b6e0cd6e8da958f5b660153713b867c

SHA512
94e742060e0b5f942397bf935426a79e5ea0f6733585ad6b855d3b6aef7dfac4f26e3d6e6debdc9dfcbf9db9d5a9f0282a37e9ff66243ae9bab7fcec78fcabc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\25091
Filesize
9KB

MD5
72593671ae37465d03bfadd9fbf8e63a

SHA1
6d35959dbbfac4d5efe82658bd0adb0a0593e8f3

SHA256
f73af9778f17e431d0d680b080dae30633a9d244d25ed4e3c212859311303828

SHA512
cd9df371c8dd76f82fd9838642912575e431d25faf73c6164b9d285ecf3453bde5c159daa25d138741c16106cca291c2ea1d70323f739989293b1ef2a3028bda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\3039
Filesize
16KB

MD5
bd58754efb713a537557d99c275c30d8

SHA1
9a11df32aff91e9621ea819eab02255dbd843864

SHA256
43ee9af3f9efd7e9b556ac3b485edf485c7325cd2aeced2a54cdcff4907377ba

SHA512
649342f157cbb728f0ba881ad3ae030cf998e1f58ccc434b577efc4687bc1262ba5d43ebc18307b5b0f0b22fec2f99110959dbaa5a385d1b2a2e6fc6208b9e68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\30464
Filesize
16KB

MD5
5b98bba162bbd64d95acf0d5d1465576

SHA1
a0975ad4cd77365f5441e828b0fae0ad0b54e7b5

SHA256
895861de18e6e40d47c9cae5faf97feef0d63f5a1a9b4951a3e41d0a01c91085

SHA512
09e8b740fda4d1663e1e33d2ee2860e792187bd5639faa64b321f767dfa3d5e3028565102e175c2aa64d515adb3cd302e2e438062222639795ee6672c5eae5f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\30657
Filesize
9KB

MD5
7e0b270e8c377bc6513e6cbe121f401a

SHA1
dfbbc06ec49d5c1e5f1c2310cf2672ab0cac238c

SHA256
84febeee61a1b92baa963fddc04de8e5ee4856b39410755dd794e3b82fe389cb

SHA512
2792a682dc778085356d79253a2ef53376ece650440d3a2d81cdf7b90cac7a3ad657db51db989780afaf8c06752b68b8db53285b1fd1cebdc453e73aa0c9743d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\32104
Filesize
9KB

MD5
dbe0d8a3bd170714bb2f151f4fb9d71f

SHA1
90f74d6dd2d04cf3e7bca5f0540262fa605a305e

SHA256
08b6392d5336c37d1c5dc1a7d545e804562a1c4ff51e4542e6148bcd5af018a7

SHA512
2021ad8a4f580ef5e592bad914f8d2389698b3d79bfba8f08c77cb8e6860ec87f219e3b640067b701ec3d72e03163f313b4b28ca51edb006735e667fa92da67e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\5043
Filesize
9KB

MD5
4469dc5f532e0a4b1a009c25bc3eca4d

SHA1
b81b681ab67904826f7ebfd9f63bfb0219f9d17c

SHA256
92b84d9625c0dd0aabbb72f4e408134de5681195e98b05f6b815241acab2f8d9

SHA512
1d548e9db66d322791850064f8e37daefa3e1ddd4a9bdb7117fe07756865b218ae6ad8418ec43493357f2883d040434b0b9facfce7973e3a679bd6597031b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\7599
Filesize
9KB

MD5
c908c04ba8df8c318e626071fca3c889

SHA1
312b6e642074f207ee5812fdb802c817d0aa51c0

SHA256
68924c99e8f80a6472a303122f28d91f5a005d5b1f8da5a7d0acefbef4a79c6b

SHA512
697f19c0082e4c184283def1f68c7481609e3ceafaf1da1b77b0a91ae9898f9dcd25c5e145156a748eac7d39d2c4de90d6767b3b885ac53eb31e10376b0c0cb8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
d41904f97710b2ba8243bc8191c00733

SHA1
f2b74a859600c7bd6494a5fac39a6f5577154caf

SHA256
536622f1a503601f5dc69bbde22a12cc26cd7be27c39666e622cc4932a6c33cd

SHA512
347494f7fe8189ba399c8ccb78c024d9c9e93b80986b1b57557e40293ad28c32a1f739e75a17bf611f9415b405993f539c9cb73cc9db171bcabb53617b3bdbb0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
ecb8bb6da8424f5c9d3047b6a4da567b

SHA1
07ba5c0b6d136c725f31a3c55cc7c4f060fb014c

SHA256
155c89f8430e6a9a33dee522bfab40365ce354be545a2c346afc6b0459a34860

SHA512
db11874e3152e0f0a8350e439035ff28613761c08ce8d717712b0adf5b455f85957e2680e591a1734615ed4bc5af1d4dce9def78f90be01d2fe07c0d608006b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\MultiMC\multimc.cfg.mI4348
Filesize
1021B

MD5
d427294aaa1e95d8b463312489aaff52

SHA1
c3c9da50cdab024086477882d4bc720a65481e74

SHA256
2c5e673477991d0ce3b5eea26b3e7d9ec0e6cde6a771b5a4cbc93c62fd9c2e4a

SHA512
1f7531f778c8b71c5d7d4953b9dedc8a6c220918d704c52741af0977cba823e5041a93ad5cf18e561d03d08b0b92ddb9abb90b060d98c48a3ecafe9cb6f884cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
11KB

MD5
d349b418fe2ac633b1d9a7616b47f1bf

SHA1
bfd78e8eddac69dc8689228563187f5ab62db100

SHA256
31b50d077176cc8b18845a1c77dbd676e97f07ad8fc90d484897d9c4385a8328

SHA512
dae13c34cbbb1b27f043c3f0aa07f018715f625515472a3f992f53e3ae09636931b327297a7124d56f10d8b52de7171bd9af9ca0614b876c19828f8978c07fde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
12KB

MD5
e409db6cdbb75938d15164c4037564b6

SHA1
d01d00b7bfef21b497a67d0d9641c8574f36fac7

SHA256
0b3da142ac1c2091315cd0655c88762642c2cfdb618b18578ce10e6a05f96ed0

SHA512
87a8b1a08ebf928eb17f3ed59b63bc668c1b71c630769733993feb0b6f626f48ee8174de6237afd76960eed4247eda5b649349f7a5628628371b82660b02c779

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs-1.js
Filesize
8KB

MD5
6b14e1d2e85458d5d8f0fe82cabdd8fc

SHA1
256faab00150d23012dbbf9e9e4de817c4acd111

SHA256
2a83ede873fea314eee22bb13e0d084a7c45833eb7cda56316412f697ddbede8

SHA512
0d2c26fffe11285499373bd9900213da3bc1fed6d294369cef16a00c14b144dee7341656d490a3320ee70e8d1627d466ff227c82762a8ed7ad3b1490db1f8f1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs-1.js
Filesize
7KB

MD5
87a139a292c1f474e4952520b1d64a62

SHA1
42630f298a3838ed3f53c2fddafb9ede3395fcbe

SHA256
4ef4c28eabaa25796fff4ce29b8430e6d5ce261156f29927d8635a48d90793b5

SHA512
3e933589d30eeae492cefcf59e95d386e5006730ab139431db3fa62d3f38dca8d06b03429f542f8b577784d50c80a4317681940a534909e584eb7d3d5c53d6cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs.js
Filesize
6KB

MD5
262b3e13bb63ae33ba4dbcb07dd8ee43

SHA1
13b72dd8eb80d44a323d62f77d07555fe732cb55

SHA256
1ad03508fc1239a712b285953637bd6796e3d23c575f24656456db3b6f2a75e6

SHA512
1ec34536534fa02377afff5cb2cc3f5382bf57e72b401ce176b7983908df18f7beaac6f4b49107e873859a3a417c6a60fe092512a9f75245c7220965de173706

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs.js
Filesize
6KB

MD5
71c2afd7ca2b3c38b10a8764f41b6952

SHA1
1df1c974101a7914ae7989ef92dbf1a8a5f84580

SHA256
de30a56cda1a2d44d276a16f99d936d36d6aab11b54e0d652fc545a5d3f7c997

SHA512
d255b8121e86221580366f4883cbde34c6915c4fa6a16f60446b03016494edaa2f04a48755828f0ce80d453dec4b23f7034479f51495657056e552126ab4414b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
d882f3f307035a98106d5744f6138c5c

SHA1
0940a6ad929d5bb42d9d54e02aa11a428e6330ab

SHA256
2267f5a785e00e18a4565cdd8cd081de656c3daa18e7995095aca71fad6b6472

SHA512
7c7195c2abe0c9eea893fb67dd97a3db98b890c4c9bfe10a472266cbfafee6bae6455f1623ac113da28f1ca56006bd6f1e3c8598fa6879390a78734f9e1eca44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
fb1817510345f0b166ab49a1af9bdbc8

SHA1
6b065d6a8574410df358e1956e6efeaea3f03a7f

SHA256
63b8043575b1f88d512786c7873a51e19b4a8640e4971936f5f1f25fdb53b886

SHA512
6359a074add3a7f0033a602d87e214fec79ff2a83ee8324136bc01aa6023d8b13fe7d6ad14e6a3b0789d0f10d38174260d85917900764e540043ba3b4a898848

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
8c72d07d1189fb83104d798bc49e52d3

SHA1
ab08ecd90851422b81d15587ea0bb91ca7f79c2f

SHA256
2b4fbcde3971ac7f733b83ef84b37ef7137db9d7793fc9fede4492c85629b68c

SHA512
4af83f4b4df723339f518f78c3bc884b84f2e6ddfc4d738aab4bcc6bc404c3ca508cfeacc0803ce63155ad027350cad61f92691af15740f9b1725088b8895eb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
f79c9d40c52476db4acaf78748151beb

SHA1
e4a89a7f57617d82f03995c1b781fab5f09bb55f

SHA256
eac2193461003ba36cb94af41fb900edddd8c4376076cf2379f5d02061edd42a

SHA512
70296d3c0daaeb5d8204c54a1a32945f62f03b81346f04ff8e687a91e15a85ec3ddc33f706df1fefb926d2b6666208095c1992eea85788ae2235299a855b26da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
2daf50412ef76497d987149423910825

SHA1
670dcb107cecd738cac346a98572c86a0fa28ba6

SHA256
9731e7951927b3174a3e1c7be88df8a990cba1622f4f375da3977fd01a1990a4

SHA512
7856fe20605a97a24f08efbba2560652411231f5e6f095a40bbe102b4cceded843c7fa3be3a97e5f32e042a2e7faf6b8c487f54ba70e33c356924d3c32b906bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
98745680df298356c1db77b84341f3b7

SHA1
71b279a845f395ff2f19873d1a5dfa2f785c5f7d

SHA256
7f4d39d85a994591791eb1729c698eb4d1c918691bd0a2a4ce839454581daba9

SHA512
f5febd8bb27da7db7916bc45f48cfa9f1da194fee5503083aa123aa156fcf4c82d5cc86d4c5471ab9932720ebd858d6461c39ebcf5020208dd98d1a4ea8fa87a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
d00957775820891a85006359f30293e4

SHA1
4ab8b605e042791c9fbf56871927ecdc8a31b3fc

SHA256
e17654f35923df82b7672b42eaaaebe3619c680150384ae35ac1bfedae5bba3f

SHA512
0f7c5e3d01958cffe44b2fa845c83fcd61c56989f1971e8cfee975d9615311a5390e1448d56f8a6b46b78d77a0385e8bfefbf0b939581b7f9b02506c98f2084d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
dec117c18ac548178a906b22c4e19fdd

SHA1
a8409811a4aa617c6126dee2b816447e4e20b471

SHA256
2a857b327864595526d415a6b02a4851c40a074e5eeb653376e753713a8e1842

SHA512
936ee9b1c53b2b05846a3ae9c94b6a4150add1519c309c32cbe52fc01821fface9115fee8865c79bcc650013167fc87ad684696489c5cf2e9fc0aa3a278daa4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
7f3e369321bef3d33fd88fd4cd3b5070

SHA1
3df1c3c2000f893495a9ae425b854adc1da65691

SHA256
f06eebc496bc9d16c1525f01585d342e8d90ae5be00a3f3580e291eff904e8d0

SHA512
4aedcce99e8a2533e30f6fccdc365d96532b3038a5c3a198cfbc16c06284284024ed7cb17a3cadab08ef2f261aed6fb57bf7320dbae50fec9adc82600b177831

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
f5124d057549b093c47abfc276391fb9

SHA1
2dc681a1d72dbc9086fb7a0f2a769c4f6d398c19

SHA256
6056b1fbb8009c1cccd138e814a4e4bb05207a2c5da802ae625e594d5fadacb0

SHA512
8032e482cecaf4f77c9d3354b29b17a7d1386eb9f3ce85631d1737e3cd10f0610cc5d38fd9b5c947432076a0735617a1cda59b6c7cb7e68600b2a1792b3bb9ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
269608338c0cc80433449e35944d5447

SHA1
a1cb29115041739875caa1ec18e5b821b3620f77

SHA256
778a313c94ea0efeca6bf6b5a51c7645f42c2efe1a7ddde4ab49c23821f3563e

SHA512
376e554fd914fb5f3ea5936cb6bab7f2f3e78358a9e5225c638184a095f16ec11b959071844387f87414c9d6cc2ef715b80c756c621df016342420782a4fad0c

Download Submit
\??\PIPE\wkssvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2856-168-0x00000197903E0000-0x0000019790650000-memory.dmp

Filesize
2.4MB

Download
memory/2932-191-0x000002C980000000-0x000002C980270000-memory.dmp

Filesize
2.4MB

Download
memory/3168-251-0x000002B0DD300000-0x000002B0DE300000-memory.dmp

Filesize
16.0MB

Download
memory/3168-345-0x000002B0DD300000-0x000002B0DE300000-memory.dmp

Filesize
16.0MB

Download
memory/4348-37-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/4348-0-0x00000000014F0000-0x0000000001A65000-memory.dmp

Filesize
5.5MB

Download
memory/4348-42-0x000000006E600000-0x000000006E674000-memory.dmp

Filesize
464KB

Download
memory/4348-43-0x0000000004D50000-0x0000000004F62000-memory.dmp

Filesize
2.1MB

Download
memory/4348-3-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/4348-2-0x00000000014F0000-0x0000000001A65000-memory.dmp

Filesize
5.5MB

Download
memory/4348-40-0x00000000001C0000-0x00000000001CC000-memory.dmp

Filesize
48KB

Download
memory/4348-39-0x00000000014F0000-0x0000000001A65000-memory.dmp

Filesize
5.5MB

Download
memory/4348-38-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/4348-4-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/4348-36-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/4348-35-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/4348-34-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/4348-33-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/4348-32-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/4348-31-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/4348-29-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/4348-28-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/4348-5-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/4348-41-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/4348-329-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/4348-27-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/4348-21-0x0000000004D50000-0x0000000004F62000-memory.dmp

Filesize
2.1MB

Download
memory/4348-20-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/4348-398-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/4348-19-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/4348-12-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/4348-10-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/4348-11-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/4348-7-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/4348-9-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/4348-8-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/4348-6-0x00000000014F0000-0x0000000001A65000-memory.dmp

Filesize
5.5MB

Download
memory/4968-244-0x000001E480000000-0x000001E480270000-memory.dmp

Filesize
2.4MB

Download
memory/5096-163-0x000001C6172E0000-0x000001C617550000-memory.dmp

Filesize
2.4MB

Download
memory/5100-326-0x0000021F80000000-0x0000021F81000000-memory.dmp

Filesize
16.0MB

Download
memory/5100-137-0x0000021F80000000-0x0000021F81000000-memory.dmp

Filesize
16.0MB

Download