hxxps://www[.]mediafire[.]com/file/as75svo5cxaejqj/ezyzip[.]zip/file

Analysis

max time kernel
437s
max time network
439s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03/05/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.mediafire.com/file/as75svo5cxaejqj/ezyzip.zip/file

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	Discord.exe

Executes dropped EXE 17 IoCs

pid	Process
7012	DiscordSetup.exe
6556	Update.exe
6696	Discord.exe
6804	Discord.exe
6888	Update.exe
7160	Discord.exe
5696	Discord.exe
7020	DiscordSetup.exe
5640	Update.exe
6716	DiscordSetup.exe
6916	Update.exe
6744	Update.exe
6892	Update.exe
6272	Update.exe
4692	Update.exe
7064	DiscordSetup.exe
5648	Update.exe

Loads dropped DLL 8 IoCs

pid	Process
6696	Discord.exe
6804	Discord.exe
7160	Discord.exe
7160	Discord.exe
7160	Discord.exe
7160	Discord.exe
7160	Discord.exe
5696	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 22 IoCs

Web Service

T1102

flow	ioc
298	discord.com
351	discord.com
481	discord.com
68	discord.com
167	discord.com
395	discord.com
426	discord.com
427	discord.com
430	discord.com
477	discord.com
170	discord.com
219	discord.com
300	discord.com
301	discord.com
345	discord.com
425	discord.com
220	discord.com
229	discord.com
429	discord.com
431	discord.com
475	discord.com
491	discord.com

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "122"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "541"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://www.facebook.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://login.aliexpress.com/"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{EC8E959D-BD5C-4C24-A0F9-2EDDEA5C69F = "\\\\?\\Volume{38FD360B-0000-0000-0000-D01200000000}\\Users\\Admin\\Downloads\\ezyzip.zip"	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 24a25249279dda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\discord.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\ = "13"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "421501065"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6c2ecd46279dda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\discord.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{EC8E959D-BD5C-4C24-A0F9-2EDDEA5C69F	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomain = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "751"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "26082"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url5 = 0000000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url1 = 4ad10e63279dda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomain = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
4956	reg.exe
1092	reg.exe
5916	reg.exe
6172	reg.exe
2928	reg.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ezyzip.zip.6g60qnc.partial:Zone.Identifier	browser_broker.exe
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe
6696	Discord.exe

Suspicious behavior: MapViewOfSection 12 IoCs

pid	Process
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	4404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5488	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5488	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	208	firefox.exe
Token: SeDebugPrivilege	208	firefox.exe
Token: 33	3916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3916	AUDIODG.EXE
Token: SeDebugPrivilege	208	firefox.exe
Token: SeDebugPrivilege	208	firefox.exe
Token: SeDebugPrivilege	208	firefox.exe
Token: SeDebugPrivilege	6556	Update.exe
Token: SeDebugPrivilege	6556	Update.exe
Token: SeDebugPrivilege	6556	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeDebugPrivilege	6888	Update.exe
Token: SeShutdownPrivilege	6696	Discord.exe
Token: SeCreatePagefilePrivilege	6696	Discord.exe
Token: SeDebugPrivilege	5640	Update.exe
Token: SeDebugPrivilege	5640	Update.exe
Token: SeDebugPrivilege	5640	Update.exe
Token: SeDebugPrivilege	5000	MicrosoftEdge.exe
Token: SeDebugPrivilege	5000	MicrosoftEdge.exe
Token: SeDebugPrivilege	208	firefox.exe
Token: SeDebugPrivilege	6916	Update.exe
Token: SeDebugPrivilege	6916	Update.exe
Token: SeDebugPrivilege	6916	Update.exe
Token: SeDebugPrivilege	5648	Update.exe
Token: SeDebugPrivilege	5648	Update.exe
Token: SeDebugPrivilege	5648	Update.exe
Token: SeDebugPrivilege	7416	firefox.exe
Token: SeDebugPrivilege	7416	firefox.exe
Token: 33	5800	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5800	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 20 IoCs

pid	Process
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
6556	Update.exe
5640	Update.exe
208	firefox.exe
208	firefox.exe
6916	Update.exe
6716	DiscordSetup.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
5648	Update.exe
7416	firefox.exe
7416	firefox.exe
7416	firefox.exe
7416	firefox.exe
7416	firefox.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
7416	firefox.exe
7416	firefox.exe
7416	firefox.exe
7416	firefox.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
5000	MicrosoftEdge.exe
404	MicrosoftEdgeCP.exe
4404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
3476	MicrosoftEdgeCP.exe
3476	MicrosoftEdgeCP.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
208	firefox.exe
7416	firefox.exe
7100	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4696	404	MicrosoftEdgeCP.exe	76
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 4104	404	MicrosoftEdgeCP.exe	78
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83
PID 404 wrote to memory of 5960	404	MicrosoftEdgeCP.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.mediafire.com/file/as75svo5cxaejqj/ezyzip.zip/file"
1⤵
PID:4716

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5000

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3476

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:908

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5684

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5972
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.0.1742171768\1420863989" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b905b734-9c3e-4e0c-9deb-5e4aab6679f7} 208 "\\.\pipe\gecko-crash-server-pipe.208" 1800 2a4ae50e458 gpu
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.1.1903706858\846583447" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d02231ef-8bd8-421c-af0f-42d3a8d593a3} 208 "\\.\pipe\gecko-crash-server-pipe.208" 2152 2a4ace3b958 socket
    3⤵
    - Checks processor information in registry
    PID:2708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.2.1329441907\2078012038" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2768 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de8b9900-0f46-48ff-8864-8ec30baade3b} 208 "\\.\pipe\gecko-crash-server-pipe.208" 2788 2a4b13f7e58 tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.3.122436263\701962424" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55eccb57-b946-4143-9ffa-1ffe8c63957f} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3488 2a4a226a558 tab
    3⤵
    PID:2268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.4.907584913\695213905" -childID 3 -isForBrowser -prefsHandle 4220 -prefMapHandle 4216 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d2e49c-e8e9-47de-b7d3-9803655539a7} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4232 2a4b3518858 tab
    3⤵
    PID:5188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.5.1558048035\1499165471" -childID 4 -isForBrowser -prefsHandle 4876 -prefMapHandle 4888 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7b65cd4-7202-4d7f-bd5a-852a16e5fc8f} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4900 2a4af809658 tab
    3⤵
    PID:5280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.6.263229868\1926327976" -childID 5 -isForBrowser -prefsHandle 4800 -prefMapHandle 4744 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7676e3b-27c0-4b32-8863-08733d0bdc11} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4804 2a4b388f158 tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.7.156791553\398335537" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {597f07d4-a081-4351-a099-8fc92f267c6c} 208 "\\.\pipe\gecko-crash-server-pipe.208" 5144 2a4b3890c58 tab
    3⤵
    PID:5248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.8.219967417\216700673" -childID 7 -isForBrowser -prefsHandle 5664 -prefMapHandle 5660 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f31bb798-836b-432b-a4ff-439fe6cc0cf4} 208 "\\.\pipe\gecko-crash-server-pipe.208" 5676 2a4b56a2c58 tab
    3⤵
    PID:4060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.9.315396814\1396063680" -parentBuildID 20221007134813 -prefsHandle 4664 -prefMapHandle 4616 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32357735-37c8-4bc0-8923-3aa50d44dc56} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4608 2a4b351a658 rdd
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.10.485262624\759926348" -childID 8 -isForBrowser -prefsHandle 3796 -prefMapHandle 3000 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0a359e5-8a17-4978-8076-89f50fc59a95} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4612 2a4b3891558 tab
    3⤵
    PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.11.408177121\2075592584" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6160 -prefMapHandle 6164 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6572e06c-08ee-487a-904c-383dd718898b} 208 "\\.\pipe\gecko-crash-server-pipe.208" 6152 2a4b3890f58 utility
    3⤵
    PID:3788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.12.1386047696\1201475810" -childID 9 -isForBrowser -prefsHandle 6452 -prefMapHandle 4556 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a85f1fd4-e2ae-42ee-b518-e5cc987b88bc} 208 "\\.\pipe\gecko-crash-server-pipe.208" 6460 2a4a2268758 tab
    3⤵
    PID:6532
- - C:\Users\Admin\Downloads\DiscordSetup.exe
    "C:\Users\Admin\Downloads\DiscordSetup.exe"
    3⤵
    - Executes dropped EXE
    PID:7012
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:6556
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe" --squirrel-install 1.0.9144
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9144 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4e4,0x4e8,0x4ec,0x4e0,0x4f0,0x7ff765973108,0x7ff765973114,0x7ff765973120
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Discord\Update.exe
        
        C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2404 --field-trial-handle=2408,i,7097570031759775474,13844114162994564387,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7160
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
        6⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2664 --field-trial-handle=2408,i,7097570031759775474,13844114162994564387,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5696
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
        6⤵
        Modifies registry key
        
        PID:6172
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
        6⤵
        Modifies registry key
        
        PID:5916
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe\",-1" /f
        6⤵
        Modifies registry class
        Modifies registry key
        
        PID:1092
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9144\Discord.exe\" --url -- \"%1\"" /f
        6⤵
        Modifies registry class
        Modifies registry key
        
        PID:2928
- - C:\Users\Admin\Downloads\DiscordSetup.exe
    "C:\Users\Admin\Downloads\DiscordSetup.exe"
    3⤵
    - Executes dropped EXE
    PID:7020
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:5640
- - C:\Users\Admin\Downloads\DiscordSetup.exe
    "C:\Users\Admin\Downloads\DiscordSetup.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    PID:6716
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:6916
- - C:\Users\Admin\Downloads\DiscordSetup.exe
    "C:\Users\Admin\Downloads\DiscordSetup.exe"
    3⤵
    - Executes dropped EXE
    PID:7064
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:5648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ezyzip\start.bat" "
1⤵
PID:2124

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:6744

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:6892

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:6272

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:4692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:7380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:7400
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:7416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.0.1382362295\1990568285" -parentBuildID 20221007134813 -prefsHandle 1608 -prefMapHandle 1600 -prefsLen 21211 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ff10268-672f-4739-8bde-509d97692cfc} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 1684 187453fc858 gpu
    3⤵
    PID:7552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.1.1319244724\158010576" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 21256 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf0a702c-1b38-4c67-86ad-a4fc9c54599b} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 2004 1873a4e5b58 socket
    3⤵
    PID:7620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.2.1874911029\870265410" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 21717 -prefMapSize 233583 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c3d0c10-61eb-4c61-a37e-7165dd700881} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 2964 18748dfc358 tab
    3⤵
    PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.3.405529276\1290530235" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3504 -prefsLen 26838 -prefMapSize 233583 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92420f4a-78bb-42cc-bcc8-8361d2f1eb44} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 3544 1873a430858 tab
    3⤵
    PID:6328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.4.1981337289\600869321" -childID 3 -isForBrowser -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 26897 -prefMapSize 233583 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43cf12f3-a4fe-4e03-887f-1f4f830f2557} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 4740 18747d54858 tab
    3⤵
    PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.5.713099097\1642496718" -childID 4 -isForBrowser -prefsHandle 4876 -prefMapHandle 4880 -prefsLen 26897 -prefMapSize 233583 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {378059f8-ee04-4fb3-9cef-76ff42010abe} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 4680 1874b3b2858 tab
    3⤵
    PID:8388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.6.806891861\354073342" -childID 5 -isForBrowser -prefsHandle 4596 -prefMapHandle 5052 -prefsLen 26897 -prefMapSize 233583 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de622ec-c4f3-474a-8ec7-9f8e0f5f290d} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 5008 1874bcf8458 tab
    3⤵
    PID:8392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.7.1942639911\1917488605" -childID 6 -isForBrowser -prefsHandle 5432 -prefMapHandle 3968 -prefsLen 26897 -prefMapSize 233583 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27d15afb-561f-4a74-9866-ba08120cce88} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 5440 1874c799858 tab
    3⤵
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.8.389240870\1638294696" -parentBuildID 20221007134813 -prefsHandle 5704 -prefMapHandle 5712 -prefsLen 26897 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4973f1fe-e19b-4ad6-9fac-745136fe2d93} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 5556 1874a3e5758 rdd
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7416.9.217804029\1234522773" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5700 -prefMapHandle 5720 -prefsLen 26897 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ca046e3-97ac-413e-80f3-36405278d38d} 7416 "\\.\pipe\gecko-crash-server-pipe.7416" 5624 1874a3e6058 utility
    3⤵
    PID:4480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x23c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5800

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ezyzip\start.bat" "
1⤵
PID:872

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a99855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:7100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\Update.exe

Filesize
1.5MB

MD5
7bf82fba058585b84d4ce949f1117364

SHA1
0b44729b8b3725cab23a16257a85de71f848bedd

SHA256
4d97ccb7007408e09c2ec9c66661b1ae8d7f2099472ffefaf59b149a5d11f8d6

SHA512
f0c59c1edfb04c943d0d6dfd657358601bb1d79eae9a690cecb50fefe0860b1c07e1407f7de43340213acf165371f1ac2dcd94e31e9cccb8dae0acf485746421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BLQDLNEB\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21650

Filesize
32KB

MD5
b8bde7af5db3c2d13737c6d1e45b07d0

SHA1
725c7971eea4db8ea408292a5b5dca0e947cf47c

SHA256
a72f6077a1fccb5408a8ff3d4c70ae8c081319e829e277f68aceef0a45d788b3

SHA512
7295dcc5e2315b9daadc05c7ac29ecc2b038aa66fe236024d10f380d63da812680979679678ebe86fbb572622fe5850470a8bb47c25194624d361cc331da60bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22896

Filesize
9KB

MD5
92699f36a378afd63a82bf9986dce5de

SHA1
4d4fb8cb91c31cf6149b93bf369088272f092a85

SHA256
ecdfbf393b950a347efb1b1708a239d2c972f8478aa700b6260f196f2dbec611

SHA512
e10c5cb69d64a4c11d96067a737a11ecbf3daea787720aadc50e583e2f3e0d2d39c8d32210e963626c3eb6691a50db84065a95268d87eddf4029ef2d8fd8915e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25275

Filesize
1.7MB

MD5
c6ad92abc03f846c87313241faa1b096

SHA1
1c9abaf42c7d239d678079af72511a0c2395faa3

SHA256
4fbb0fd4807987135154c4c3c0ffbf2bdf7ff2f1f222a5b8047883b12e728f71

SHA512
dbf876a65eb6b3c759369bd4aa2727eb118cc99fead69ba079ac4bcebed7b1abe715ec93607dedb16e5e21344eafd20bbdb8d3efd50bae27c3d2ba95ed47573c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27218

Filesize
18KB

MD5
e1a201f56ed077bd7a6ed1df8c5cff39

SHA1
c0e1df99244aa3262df236f0e4ac26468a7770d5

SHA256
f0b80b8f0592c44850a4b50ee41063885d323ae250b1e04ee4bc781e763920ac

SHA512
a64b81e94a078cf686cded1f5fa311027ccbc1a7edfddada38fadf5f42aa4c0a368a3acf9ef3ebc1f4c1872634ee625760e84fbe175276122edaaaf9317f61ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27520

Filesize
29KB

MD5
a6be290e48f2c2271c6e4ad60a1f719e

SHA1
70856347d8da800df063a10894fed59aa9ddf751

SHA256
9ea382a38bf244aa74b3aa0dae9f5d284d16214746ed293d26b3b2b7ed1499f3

SHA512
055ad4d612b9271e6cc5d429c97a32f50902d8c3c63cbe6c3bf2706d2c202747a4e67db26ccfd59046ba08ad9c64c4e9a79906a0d8f6a1bb105e98fb8c69f45c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29586

Filesize
8KB

MD5
ae2915da0f97f4bdabcca391b01be7a9

SHA1
777730270b279d8cc5ce220204547c7df1a0cd19

SHA256
26cb00b91b4fcafac9d4a19c63709347d3712271924de39d87ef2d0aa8e223ac

SHA512
605e24eedb35e395f3b69f7c1d18380295452f077c2ed8d7f0d9b1d46cfc8ac8cf8d2bd8d7df9ca20d5bad39b22958652c0e578f8adbb059dd7be54c4d3e6b02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29764

Filesize
12KB

MD5
908239f4cc7f3ef7669d131e43afd3c8

SHA1
e13f5f83242e1ebb7f6efef6f1357440616a0f53

SHA256
1a84f166f117207b486d874049f2ea50e6b16242331498a0792b3237869b8b54

SHA512
5fa77c5174784ea97fa2dfb5b4a25085e2cbfab0051419b6f6a7c80a6e12b4609a757dd2a897223df1816f2d6f87303a6aef8f30d77f03b5fd6a4dbb2fa25f1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29876

Filesize
12KB

MD5
41c94e79476217cb64a2d19cdcc8d158

SHA1
86de41ce0986a29053103a3d9a681ced3931ffde

SHA256
5f1d73171748e6cfb00187f1a16da8bedb3370b0456e3298b74da7bec2da6d49

SHA512
f9684e2d79df13aaf6c4102ba0c25fe5f7010ab674517a6d48fc399d61bf2416447077b5163d6fd524b4cb87c5e18af4773de55fe00509094a40931727cf2430

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\31976

Filesize
11KB

MD5
0981ae82daa91e3e832d03d07c42dac7

SHA1
289aa71bba92065592a105ee4f8802825783c7a1

SHA256
f23c64090fcd8861fb98de9aeaa2ca31c6c236998204a428fe9403280f53fa0e

SHA512
5f438d9b36e9b2b1db7b9a05ced1b84ffba5db18bf18f4fa0d50d0995e12c481159db51beb64b4bc3423d347d4ec06df76265f87a1f48b4c95e2402d0c54a67f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\6405

Filesize
9KB

MD5
5713e4a275a845d12c87130a257c6ab9

SHA1
247a51b96d08e56ab5728eb6e7c257e71a59545f

SHA256
f7153390116736add0c161f1b76cc6336ef7675941be9344afbbd09ffdb83425

SHA512
cc85215c2bdadfbbf80b2fabad272ab1f6dc6cda24c03178adc083f851fd6513e1d781c3c8a90cbe7bf5d7c74ad8d9722335af43ddfc102aa049f017f39fc77e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7984

Filesize
8KB

MD5
da9115717aba5ca7eae15b964a45405b

SHA1
70546e851c01789f9366503756e793936d75bfff

SHA256
cf0a8d5c2fe0af318468807e850aa6fc87ce8813ceae71614122aae9e289ef30

SHA512
7edb726b343c67579d6482dbda9e3bfa2f05912d4e4a215f0f6c8626683eaa84305b92ed0289708dc2eb75cfa7559f3fbfcf812426acd7ce59aa3a05b575e172

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9845

Filesize
7KB

MD5
8753d4b069f16a3deaa84fb3533987fe

SHA1
13e8c7e66ca500cd6ad3488064736d38ba3bc9ec

SHA256
95207e46145f7653bc89038398d49e8d9253bfa52bb0ce86ce737cf792a445a9

SHA512
eba536283fdc51e8124c9cdce92d758647eafd8346733e621dc783290b3d6216b39492438ab9bc778a0c2b07275ae3b9e723f51df3f7ec2034226a26ffc7c2f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9880

Filesize
9KB

MD5
b548771c0bcc4a2a18ed36cf725429bc

SHA1
02a027062a39107a42c96a416477e132016e7287

SHA256
7a6bd8a44745eacb0c1b4ebfcdcffd20c0a19f5d665406acd359f38e30f599e9

SHA512
d8cc27f54abe5e128be2edf03bca4f00b976390c8d476fe97690bd64a2b502bc9ba9acfb78ac9a539fa7b46688b72050db759a4a98fd49aaf1fcf22758439238

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\090A4FE4945901D8EE5AE849568140BC6A7A7FB5

Filesize
436KB

MD5
cf80e73b16bb843924e12d3ccf5f3510

SHA1
aa394006d3220a52d805a462c5ce14ac3a9fffce

SHA256
08c9c1d51efab82613baa84bfeafa85d0a0c45f9a5822728da4c7f782c781286

SHA512
0242b0e8d06f0530fdbbdd7d46e2803b4a5c9c9740338f177fc5ae4e0ad061018264b6ac82879d8eddb71c7207bfc05bc05be46334cf6912f0f2cdcede52ee6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0A1B004A7082F15CABBEA740B9F8892B5613CEC3

Filesize
46KB

MD5
39f3c093ff566202fd8667296dc3ffd4

SHA1
bf4dabd2476050104a023a4e7371f423c9861be0

SHA256
e62af174d6980f4a7ca66bcc2a1a5bcbd15498f3406a2328672ffc993db14367

SHA512
45831abeaf96e89df1c42b258dfb6355dca2f146df1169439e6011edb679d1ae327a1faa3994d56666ef5813fee2c3a4af7bca7868e329702b16bb7abe0a12ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2C4BAA6F19DAD1966BACFFE00E8A81C718359637

Filesize
13KB

MD5
7e535e725e61230cb5a84c462d50b40a

SHA1
feb9752945f3bb00ecd25ec3ac00b562e6d8b08e

SHA256
bbe17c4b06583c487f144348f0fe913a2923dc4f07c5fb5780c1439fe39ff0ef

SHA512
aac299c6eeead9c733b10df502f345b01e389e1872253ddca566f29a002628e69c6fe18002b2adf96d211f3d81bdae1c3b9647826322d22ce6a628289636cd33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3CAD2CD1EF7885339466EE1E33B4195A7CE143B0

Filesize
1.7MB

MD5
655f388f28b60de50e1f34272ea4e3e8

SHA1
f4c52cfe0f5cce5e6c28e782013be3bb950879d8

SHA256
66047497df93cc53081a189883964f60bf8426ecb498e706d44ccc01b2613177

SHA512
c32ba28e9601e009bebb471b3969462ab42d5f09864bcf02e81eadd346fc334a91570cd5f6e0301744b6e7ba9c11b981a31a542c01a27262a8e321768aeeae70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\404548FC86095AC471E00AE4B45707483239B5F8

Filesize
47KB

MD5
54e0747a3208bf3267fa5b2b0b3f09bc

SHA1
7e9c0954df141cdb0ff39f941356163ee1e3af43

SHA256
cc9be9f59546ead6c0d5f344ce1eb22b18ed4e4e673e57da1bb882ba7260d531

SHA512
d198ede1c7a19a63979aba712c2b8a1f63a6e9b8488d0ca3662cd76da74cb0b818457e503d7e8e8b6cf5341102606d4046305b7c3c915c9140f53ae394d7fe2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\71B38826CBB38D4B67D21952618CC7AADD8620CE

Filesize
40KB

MD5
20ee45ace78834a85227de642713da1c

SHA1
fda7475f9e38762edba5311397f5b4ac0377f988

SHA256
e4ac64a24e7db9317ac8862e97a48918bcca075aa197446f5d7a6091e67fdbdc

SHA512
f10eb7147e101d4ae1f4f7793a19f696a9d5cc8f8bfa76181d530073598d199a958d9ecd0e0caac8fb08e80e1f10b41116b12d1f9699bc03af2e270164786486

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\72A08381E9E827A11B49C3CF07FA81F329F5F862

Filesize
39KB

MD5
4decb4bc1d0dfc9269a9d836f0752de3

SHA1
ba4cfbef1f5e4a7c65d50ec4c9187e4149970333

SHA256
5bb15f588bc7d714a145569d9d2550b9d0ae93b7ceabce07475c34984fc569de

SHA512
10bec2af43947217dd8af6b7ccd46f2f1b8932b1cf362bb54b4e5d9b1eb95d11fd030993bc1cf81598fd6705a748be07628c2de075db488d104a3a2ff6c60958

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\783AABCE27F37965B7F9690D0E25843F6C9CFD27

Filesize
69KB

MD5
58e6091e0640d5e36a5e40e4e90f147b

SHA1
0e55f58970af15ee1351fd91621b626c51fb3896

SHA256
585c8c7b0f4f5261ee32c469ab9ed3ca736199933c09b6d3b180ae3e3f807173

SHA512
6d5d42d7f5532a7233986f352e630a9a180821fe826b128f035dd8e36727fd8e7a6c6192a69c6f758d71eec45fdb06e5f754718e785289729a1733f2940b8e9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8BD89F356F1FBB3CD03E50A248150834CC46F598

Filesize
49KB

MD5
f8a57569c0e20391d7e958a43390f779

SHA1
f2f6de46ada90539cde4b4469d007e59318a04d0

SHA256
a9dd62013457a7adf22957c689dc9d4beb0ccbef4811a8b84d6710974ffe4c88

SHA512
a66bd944b0b9a59e36edf5ca086f4ace7f4e6c9cf00c096bd6f76fdaac33bf245cb11e02e56da101902d3e16d194a1744f85f92385810ee75100eff842756714

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\95E2E420F06627CCE0320D00C71AF0217486CCE9

Filesize
47KB

MD5
546a345b0730817b35a155ff8d703f5e

SHA1
55bae9de9cb291a5c38c96d8f23b5b72d5f8b32a

SHA256
1d39eae8bd6c889014cc701d0eab2840097af940bf48fd369dcfa87f6c1a5fab

SHA512
b472618a21eb400d8a7479a89f6cb99f701d536590ed7531491bc0d70be8ed15fdd19cf4e9d17eba87cc84ac70c2b75288c96b42eb81fa11de066313f97ba2f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A51D979ED1200307D2B24C5E48B9D8C2D85F2A48

Filesize
40KB

MD5
108f627dce8070a43e09785b931b75ec

SHA1
198b50182dd415452b383768733160021cf0254e

SHA256
658625f6d06c38ff6e17a6a00c77fe113afd1ad1c2d130224a966e5aba065535

SHA512
5b1f01a01f4b6114fac53d2ec400fa2349638015dfd86ab0b2221f7f29672bc31a305cf543190ac9389fff8421ab0aeda8324d5ff9f46283f333d9a7b68ff44e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B99B020AC5BEBE692D6300E3CA116CFD078653C9

Filesize
45KB

MD5
3ce7f0eeafaeaf90e5c620f14fbfa0fa

SHA1
a984b6e17c9cf074ae0149e59a0488f421d8d3f2

SHA256
2abed14a218af46991b58e51f3b223d53d9046c36c0d2eb7e0512d6fc83be59a

SHA512
291c1450b024f4b6490bb0656e5de52ddf493b964f927091664d87870a3d7e85f51f171bdf8a8d963cd888a79599ae48f0ed970df4959e6c287446a8b934aaf0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D9253D4ECB5A7267220738CCE027071FB2BEDA65

Filesize
185KB

MD5
d0d91a992872b0ca03eba3d1887c6f3c

SHA1
9b6660e3b7f07207032b113e43651efb17e81934

SHA256
68a553bfbe59b94a44e972e5ff089fee367a7c477c4b4b96e4d5b52b22d5c39d

SHA512
b669db1409474433175ea52118747df8089072a9307dd5269cc59acd4e70f3935c53455015a49f3589ae46321c65970d2e53532c467bd344f97b60fe8315a68f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F11245EB3A32C7C4503066EE915EB570A0C0F5F1

Filesize
40KB

MD5
4ec967e6f5f547ca6b3963a4bf48c362

SHA1
0408fb16b03b4136c196c18a4dfdcc8df4bec294

SHA256
77e31cc4f917d14dba53e14d4cebd4bd40a72ded6a3cc63e0ff8ff172c7bdf30

SHA512
9afb4bc37f9ee638d1730958d0ab5bb3788bca50d768ea46356b81ed43cd7f4406151e758ac8b3cb085c0b633b58f1ad567144deef61931a531614324596226f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\iI1TCmGiurNc6rcJCUzE6w==.ico

Filesize
609B

MD5
6e62ae713951b6193d202ddc3d2152cf

SHA1
abf75bd80bd84ed39792adf69dddb5a8b3b84bb4

SHA256
e5dc5320473de19e5255f32d0f9f352fcc23a03c254e82511999deac249d91cd

SHA512
8dff4541bb496449c0c0e93a1c60108dff8e8f7cea437b8027ce51bc22881a687597c511df4c32cabdd1c165aeb46b89c410e58563e18c449e84eddbbfa8725b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\thumbnails\8b7e759c48456068ad85aa6fc0ccfd89.png

Filesize
15KB

MD5
ad47c46f11d4f626844c3db6646551b1

SHA1
efa024b33de65de834c895e5ee70b244d0d3bafc

SHA256
97f4be4c95487e8ed17ce9afcd5fb1ff58f2ef7a8c6ac19aab254ea183e44446

SHA512
95633a21ec914b88a507df90be771dbfe9c4ab80bc5b48706bcdd94ac80449d29421b042161d118bea29315b69f0c2cba9142179e5cc080e539f2850ea7519d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\js[2].js

Filesize
321KB

MD5
c28f0cd885f6b689452bb8635bb59745

SHA1
e952b00a7e97eb2f5f47ebb58ffc4d00aeddc0d1

SHA256
29e6c04c46a83b73b5204b2815e351b015b6602ec769bbb3ba9c8dad9c8052d8

SHA512
9046476697b22318ba7229019ca0df4c666103b93c764ec29a6ea9c803568080512afa348f170c89524f317290c988817efd189de2049074bc1fb5021dae8ddd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N7G4VFV9\www.mediafire[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N7G4VFV9\www.mediafire[1].xml

Filesize
1KB

MD5
4856bfbf772724626e4b09d1130137c2

SHA1
f5cde9d23f1e2b2e9e8824d21a6b151a7d1eb675

SHA256
f1c43c76a4bef3fce3e75335589c9fd68e8f85e4cc12a5cc7dd7faaca8747ca7

SHA512
2be0faa540dbe9c05f400f9c6d5a219469cca69a80da7d0da4f3953532dc90f9cc419e1c2a0ac7c49e6ca47968b9344e657926d834eb2a5fc911ca47562a95ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
63fe0734a66b86642b675f10aa15b0d6

SHA1
2ad6b4316c53a6a9094a608848ebfbccf26e0816

SHA256
87b49467ac0e321d929a585e1572b8564225d8ef06035d950176c210e520ec25

SHA512
1f23f6b75a301452b0e3f447cbc83d2c9057bbd2d8bed79d2bc1401c17d076f9df7ba74cb3989fb7c2253557523efb636266a2b37183670af27e4b858db40c57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\8Q6NA0Q1\www.bing[1].xml

Filesize
97B

MD5
e8a046ca1ba5a0918eef6816b6b917d7

SHA1
404db0f403f0e72aa926dfb01bd081f41fe55505

SHA256
82cddff5043853fa033b8469a53fd06c7140c920ad5efd78be50d07ee5201c3f

SHA512
f18206534eef3c567ece432e6a26ae7f1b74f1ecf1a560e7e0d02ccd96d35a560b41a5ced5d9bfc08207eecb6b8917cfbda7674d2c069fc673753c151481b561

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0NRUUY3O\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KFWMX5PC\favicon[1].ico

Filesize
10KB

MD5
a301c91c118c9e041739ad0c85dfe8c5

SHA1
039962373b35960ef2bb5fbbe3856c0859306bf7

SHA256
cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

SHA512
3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\N8F2V59J\62fddf0fde45a8baedcc7ee5_847541504914fd33810e70a0ea73177e%20(2)-1[1].png

Filesize
557B

MD5
c309ae41848547064c2ddb7dc66b6215

SHA1
6d9801822541e4be3ed25137c4e53a249c85ba2a

SHA256
11848b5f1c8a7f294c6211c2f0d0dc83a8a28bfe1ef0829a8dacfdf475c5e5a2

SHA512
3ef32b52e7070ca0fa9a8cf06e49fe43d67da63fd3a0cd0985363f6223c758440a44e65c3eebc7d6cee0b1ca3aedc4c6ee78b7167fc4136d90539d6ba18d030f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Y3KUJMYI\favicon[2].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rfyap6x\imagestore.dat

Filesize
20KB

MD5
c0794cf4d548a59691f4952bd2e24767

SHA1
65139561fe14d54a266385ffad1140e4d7bb9af5

SHA256
0db93d4528aff930fb9c530a8c2b58d69d5528d08c66dd74f097d27395eac69f

SHA512
5c460b04b4b8bc8f5c325c8b83b7b9d9e24e1a474f4964cbf8c633cc941f9bd61758a3497c19d1868ae91b7062034f582e24f73bd81cc264c64c310aa61381d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF001F13F50C2DA129.TMP

Filesize
20KB

MD5
6a4a3b93c9a23751e33f5451cb8aab2f

SHA1
dc598b17fbe94e03b3ba20ecb3d689b5ec149ed0

SHA256
df2dfff8b463eb7fbfcfdee67b37ca7e2272a9693c97994b03b8ed11646a2e77

SHA512
867f498a7ea346848fc359ad5dc6253fbb8002a0fad70bcf78d89865593c346c68df32b109ef80638633bda8c6fd8f090e7b67e3850c707d5e9dc2646b1c34bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\6257bee91e6309a5a6f6b994_arrow[1].svg

Filesize
179B

MD5
779a770c34fcb823a598a7277301adaf

SHA1
b5169ff4a1b4c56fdbf786e499036b9442b41a83

SHA256
34141e9a95e611f7ba839276d4fbcf27228af1a3a903c2724098fab7df60d447

SHA512
89bcea391ad70911ccfd21fdbecf6a58fb83daea04ab4e94d0c437341398ab1f58f50f11116f460310628642253b1f598cab7d674959f6cfc7c458430bd1a727

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\6259470cb8f7d17c38408689_Frame[1].svg

Filesize
382B

MD5
2a9c7b2a2bc2019fe64d96ee0e781664

SHA1
4db20352c51ea52cf1a9fa011f349186dfef4cfe

SHA256
0e7b403083b9afd128ff480912ecdec1eb4f6678b0fd97c0f2aa3de007a7aa73

SHA512
3b46e93c106f8812f5e24b4e936c02cd044f06008391f231f7e8ab484081259897a5b756b873ee25fc6a07ad547414853b37e26dbeecdc477d06bea3531e4c29

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\62594869635af64d3e8a9a63_Frame[1].svg

Filesize
281B

MD5
58a910b05b4782299b2e6971b1c9abb0

SHA1
8b6ecdeb665100333e52d0be1c1384dd261c1325

SHA256
688a6e2a69c1c9f3d4813f470b9af683943401e30e366d620cad03a5f6cf070a

SHA512
fbb2e3d9b343a05b5a8dcbcbd1b24d16a4629a8c85de72416390e311b4dd9a31a59c4206da666bac1d97b6cbecdceb90030fc9f3e04307f605e0e8501adafb6f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\65a4fe4152ae5860036dadf1_tiktok[1].svg

Filesize
850B

MD5
1b8105cd54e8b765ed7c14cd03b13ffc

SHA1
df1831a043cde667235e377cf676bea087267ba8

SHA256
a54dd14229eb7620122795906a032e83c1d0ab1d68ba2a02b0e82c6d95aa920c

SHA512
7901f1e3c9f103adac60941ca25f7b1062f714da67347881d3f3e0a0ae0d673814471f748cfd376eae453fcbe626b5fb750c8e921fb3063c8d4578f267d58c82

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\65a4fe4173c1df8be608c8a2_facebook[1].svg

Filesize
541B

MD5
a77cbd313cca7494393b7a8ccc20fa16

SHA1
7873910ea8fabb41714dcd7971d993d1fd4e92cd

SHA256
f273cfe983f2a4770eca6bc5f8f2497fd977c6c6fbc62512dcb3e0d7f50c0fb6

SHA512
bc562001734cd3e57f0fc07afe59f18dad789999dc4975cef4308aa9fd10457653f5dd836ff5cc060a27784a5f1e557c5a6b9c3a4d8853eff1f387ccd41f4fbf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\65a4fe4237b6a1c4fa714f76_x[1].svg

Filesize
445B

MD5
91ce5945e0716b8f27aba591ed3ce824

SHA1
1f3f7de1540d7035e0eb9b0fd4f6c5a392299ee5

SHA256
6aca116770784adda1b2d9c3af6e1a9e49caa9b99f8b9a42bea0e94b7a9a6d99

SHA512
7d0bc5c145d7f08c29c3441fd09a9290f45f11bac3bae9b178cbed358643474f39da504590090595ad4c7ef03005e4a10f456202e6a228bdf21c4eba5dc9dc2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\65a4fe42d907d27f3dead7a0_instagram[1].svg

Filesize
2KB

MD5
456a1737b263ca0ec63b760ac332ed2a

SHA1
7d14e40f6005aa7d7def7ac7ec4edf64a006f01a

SHA256
a1b45202d101bfddd602ee47ba40241ce0e7158cf67f188bb8b07a7d0246b030

SHA512
925fd709dc5c1fc4d069b5ecfa312e2458a76c6cd417929197b2af2223f7faf6b2953c36ac3471ac9d2f988c09eaad6e1ce097b4f1a5cbd390ec2d1e149d7435

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\65a4fe42d907d27f3dead7ad_youtube[1].svg

Filesize
718B

MD5
341e1594d600b55ff2302e0169b321ce

SHA1
3737f440867b0a923083526e8c393ab5bbfba527

SHA256
b3178521980bcfebb81b30695fd225922fd5e10417d91e0a65b17be499f35681

SHA512
1d323866fc82af0f9c2f5334f1391a547e90340b81eec8907a5d64ffd2c5a802a9ddad0aa3c32a28f4e444efa538eb0225bb472ce780a7f026826e2db024fca6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\jquery.min[1].js

Filesize
87KB

MD5
8fb8fee4fcc3cc86ff6c724154c49c42

SHA1
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

SHA512
f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\landing[1].js

Filesize
1KB

MD5
6873ba0d8e966bfe2f6428009c1f4255

SHA1
4db49fba2d81920a64192997c693e94b857886ea

SHA256
17184c99c6227c46e9e0550667946e3f55ad4bdd1999c05f4e3201083e9a5940

SHA512
95e80ede3bcb035b98f9f744b156de7cd9ce3a2bc9fcc71ffd0bb35f3a03e051718cc7eb7676fc83541c1cb1e4918e5417572a7f5f8efc51d9a5cac6a047cf4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5GY350AM\webfont[1].js

Filesize
12KB

MD5
7c96a5f11d9741541d5e3c42ff6380d7

SHA1
d3fa2564c021cf730e58ffddb138cf6b57ed126e

SHA256
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

SHA512
23c162a2e268951729b580e5035ad6ca9969cfcc5ce58a220817b912e76b38be6c29c3ca7680cb4e8198863d95a72ea65bd06ff7189b5c8475e4c1ce501aeab1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\625bd8c9aab9924849ad9c5e_a188414ce83f2454b9d71a47c3d95909%20(3)[1].svg

Filesize
1KB

MD5
a188414ce83f2454b9d71a47c3d95909

SHA1
4749daec1bb855414543dad2d39bce25200fda84

SHA256
d3dbc7bcd233bfac8173445517b5683e18f6ebad9d025493d37f3f26a8259b8a

SHA512
397bdc0313eca7ecf2d231a1570423b9ede6246b5405f31462fa1cbd50da5498346d5d438946ef60399ee1a3b5fd31809d22477d150fff89d25e23ddfebecd9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\625eb604bb8605784489d361_Discord-Logo+Wordmark-Color%20(1)[1].png

Filesize
10KB

MD5
029465d587d72908707c455dddf712a4

SHA1
8f19b431921274054798b395e0e5fa142cf8060f

SHA256
ba07a26e373001ce1881651553c96628d67c4f1da5ac5509da9d2442f4cdc856

SHA512
e492b7866b21ce4f4013d46431bc27f4f9c223dc728ca74b043f1378879f82380fdae97128d8e4a74b2de7bfb40fe7be13e3c3871ac56635ae404abf300df096

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\6582c1d8348e5c81ca608138_From%20few%20to%20a%20fandom[1].svg

Filesize
133KB

MD5
f8935a2b7fa88fa4bb704ed9b6ed6443

SHA1
bf671843f41f37675aac8ec0ffb246b3beb64b47

SHA256
a9711e327132859120ca6067f2238650aa8197c730a55b6dac7f8483c6511eab

SHA512
5fd1c81744cec3857ee067b5fbcb311877f99ff5d8377e890cd9576decad3e49f3871118d31fbc7a017359e15dc8e15f739a1c054c3580fbda35c2e69210bce5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\6582c202770f02752be44796_RELIABLE%20TECH%20FOR%20STAYING%20CLOSE[1].svg

Filesize
98KB

MD5
faff5de6925e490e57df05515b391510

SHA1
ef594a61bd3d42a712a653afd536b3b24629ba30

SHA256
38fb50ccd630fd9b2b180e3256e7a7cddff77415a2c3d332c536efca822dfcc0

SHA512
15030e3d2c403d224d1c8a37fff8c60c7d6b7124b225c0c04a4d4e3e89e0af73dd9e5c3c95dcc2e9c7ae511d0c88df6c687719d2dc874c2c1cb7ceb0bee29dc7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\65a4fe10ef3e439bb3365f6a_Arrow[1].svg

Filesize
463B

MD5
f88ce34ce1d68690faff97dae2e124e5

SHA1
f074903b06937ea7dd4f0334c7ed0ec7c216e1dd

SHA256
829f0286bd3d768461cbc1b5f7c5ae75580d318379548b4ba5b2e8606a5a12f2

SHA512
5a102a0be672a818192f756d3c52ad342dea2cabdeb461c6dfad4499103fd50c028d1341e07f57db8dc89cb81786e45a62dfdd581dd51f60ff50a2acdc67530c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\discord-2022.a3a7eaa73[1].js

Filesize
2.7MB

MD5
a3a7eaa73a72e0ecb6aa4f947ffb5c37

SHA1
ce8932e84188db442c1852f480b99cf07d188ad6

SHA256
3d8b75324db16a0e40baa599f0b8b9436acbfb56cb689a61a2453a267bfc9248

SHA512
222f53e0db3afae749b70d6e19df9199eec894c7d320ac92bb8a831af67fd5234143203419c84f7f0310857e078a5fa91f148807944fd5f6fe6e24834f6f2b59

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\ezyzip[1].zip

Filesize
32KB

MD5
528e3cb2086f9cb53f3afd195494b00f

SHA1
94b77d106feebfa72116999d5d0a9b85230e3d89

SHA256
9438475a15d775aad8f7dd48adf9dfd682a85eb0012c1adb60ef3e3a5e1d72e1

SHA512
92852c7c3ec3f172e5be0639e1edf7e0b267c2ed7ae11306660dc74ca982e05f931eee95032824b9ca4be5c446c9b47d0bcda885157e65b0e6a754e9fcafb066

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\head[1].js

Filesize
8KB

MD5
5f85c48349fcc177a601c0d2910e2b5b

SHA1
58804d25e4cb6bc4a77506c6d36db87788ff6966

SHA256
dd53642818deded757546d764295563addb95b0713b4f2352e7209d9f72942e0

SHA512
bf523ba7b2dda347bc211f9e475e46457faec15a69c1214aa86ed735612655ecb0ef711e7ce67dc2abfb73ad5f7673a16a74aaf5683cc5f461358c4a67da86bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\localize[1].js

Filesize
61KB

MD5
ba06239578773f2fe5bb64a045ce5500

SHA1
1aa52661d072acaea06ac04e624dce61196fa1a0

SHA256
f563bf268a89718a4ba182f5ab05d5913ccc772b3223083cd52c396c26ea1a4c

SHA512
860ab2c55b5459187c0ac3bbf37c334ab049a25b3c9804c7e369603c60f10e920191bc6ac88d8be5303ac2eb9a2f5f8c671f9598e3d7a46385bb525dcb88e099

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J3QUQTHZ\otSDKStub[1].js

Filesize
20KB

MD5
5b2ab40ec5c55209f5747c46875e2061

SHA1
c86a5fa5cbc45390f38afb67552bde9e167d45e5

SHA256
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de

SHA512
33ea20a469b0e954e4cb5f565c52c80674248fa52e48cf0a307e81371a99136f94c668ea30ff74faa0c0ef3bdd25e0f74e2586b41ca39717ce137cd2321c1026

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R0FKS6Y0\6257d23c5fb25be7e0b6e220_Open%20Source%20Projects%20_%20Discord-7[1].svg

Filesize
6KB

MD5
af172fc4474c781e2dd37c0bf905e86a

SHA1
672aa7f75fd6c70b6376f6ce8efb916dbf6ae11c

SHA256
0bfa62bd7d54fca0e95f9b1abef2adac380d17b4c9f47805414c7a23cf2b3bbd

SHA512
d99111d073a8d4ea29eb92c7521217535cc68b8f057edc6fd57fb7adbb90bc26eb240245d8384bac10419352af08d900f6a2fbb581cff259257ad7c5f4666fd4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R0FKS6Y0\6257d377b13ff484638adb92_svg7[1].svg

Filesize
6KB

MD5
ac712f11ae3b163866a89b3c0337d6e9

SHA1
04e2ab5169ef4ba5e18213e09cc274ba046499f7

SHA256
a36a24477c0f5da4bab5d61f17d1d48ab935ebf50dda88fb20d647e890f1ce23

SHA512
855cb56ceae4310c27a26da12f570400973609fcfe93a8cc9b44c9376b0851e4cb4ddb19b16d68483b27ff9d55453894ac9e775fd2828eca9d3e837828de4248

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R0FKS6Y0\625846fc39fbe53385840143_1%20(3)[1].svg

Filesize
298B

MD5
9b9f4a569eabe355ca4d4141c5086647

SHA1
95ac360dc0794c890690e64b0bce84f10303b001

SHA256
133b18d12f83e66861eda17889dc9797b1de10d7503b7cbbf43d3a1d25024150

SHA512
ba607e7e59d0cd05adb63efa511c1477455254900dace2329860a3611a9080b8522b2bedc05b32acf38e202a0ebab9f0f301ebcb33522c74da9779743fb2d22f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R0FKS6Y0\6582c18a9cff186bd3731704_Create%20an%20invite-only%20place%20where%20you%20belong[1].svg

Filesize
131KB

MD5
6663c28b499d1b41349dd9ece236019d

SHA1
255c673856a356b69a5fb350be10d820060e1daa

SHA256
2ece3e7e6e793db094c668291381d080f313a263c7cd6a548511f6b75a57f1e5

SHA512
d7a60ef6eecf50df7050885704cb48d3a844ba4b8ccb62787e7780b1020dc47024d0c9a47061b3696b82b0970d0c104cb28e5d7c30075bfe5ec475bc7aa494d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R0FKS6Y0\6582c1b717efff2306ef179e_Where%20hanging%20out%20is%20easy[1].svg

Filesize
167KB

MD5
a22034070de371342ad1044d66386e10

SHA1
0d559d7adf675cd33295d7d03361959bfaf3d73e

SHA256
ec214111a51a29fd7df667ea1f9b6998e84621873672671d030e88dd92372d60

SHA512
d2093a7006efe52e20eede5c321eec56849768b1c6c0bb530ac652cfbeb201d3a45ea7af87c2916d28462d5c71a8542acd3f1e4426032f246b4d0923005a55da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R0FKS6Y0\9Q3CHWUC.htm

Filesize
51KB

MD5
719b2016c19f64b4301a917d7bd6db1c

SHA1
f080ab5aa05adbe6495802e3c8f1b00fa5ab3cfa

SHA256
1993251be867e24974dc84a5f449a6e061a91825936dcc12bfa7691afeec983c

SHA512
b71e00207b435ba536e3ccd7628bf38ef4b55f6736c89430e7a976e285458bacb9b13f5294fe2c0251dddafdc5ec1ddf65e2c3dd27dd994cf486a089e31ac4a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\644fab4db9ca0a124b73d4b7_c40c84ca18d84633a9d86b4046a91437[1].svg

Filesize
59KB

MD5
c40c84ca18d84633a9d86b4046a91437

SHA1
5b82d7686f8ee989d13bbe54938ae94e64cc7db7

SHA256
f19a3178d88ee8de6f4ef47c0e9992059457d91e24204e5beff9602c1179f99b

SHA512
a8ee8d8724c252f467c9c48c80bb79359a20fcdd212c225c90c0e27d610bbfdd8de7e446db84de475d6dd5d77b5b167a5ecef27aeb7a78b0fb77c12ab84c29b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\644fab4df2dc8d7a9a081ebd_8a8375ab7908384e1fd6efe408284203[1].svg

Filesize
60KB

MD5
8a8375ab7908384e1fd6efe408284203

SHA1
c860bf9ebb02c0110e452b0d27b21d50083dd165

SHA256
0863f0e2352e91b8f69c16eb1896aa0cc802ad66efca43f07ad6810da239025a

SHA512
92b6835d4d52789b08eb4cda75f7b87b5a9fdbf007545755311e6c46caa6814886b7c041c4f99673777c43d1ca5bc81f51d0dcef9948c4751380895c93260529

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\bodyEnd[1].js

Filesize
11KB

MD5
cf1fcdb5511493e70497b458944e1358

SHA1
16edf79361fb9f6232e78fe790e05afc8c0f22c3

SHA256
565361427f87e795807c3fdcf5debe1dc807c6edbf5f5e57a10d9c9d593c9a1d

SHA512
d1147281ebe2d5c9cd89cd4484f22a1094d396c4fc4d5bd6609147dfc10d1c6f1c3a5e6244c1d08520ec5e53c01880fa52f641cab9573b9b6bcd1d0cb8d6f7d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\discord-2022.32804cacc.min[1].css

Filesize
1.1MB

MD5
32804cacc517126bd3d4200634902954

SHA1
ac66ff9cc4d916e132fd66872b3950f2fd7f71f3

SHA256
9243d963f1e43a3066ed7f01e506cc8edf081e24f2b9ad60fe23622666c73884

SHA512
5dc3ac1a19904249150c40b1da123f2d9567a38cc5c00fe497ad556c4e730fa66f1fa7340e8c654b7da62290fda759c5653be77dad442bb275f2c958277f1363

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\jquery-3.5.1.min.dc5e7f18c8[1].js

Filesize
87KB

MD5
dc5e7f18c8d36ac1d3d4753a87c98d0a

SHA1
c8e1c8b386dc5b7a9184c763c88d19a346eb3342

SHA256
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

SHA512
6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZK796LO8\loader[1].js

Filesize
1KB

MD5
7bfbf306372092ffb9a8f3701b9d885e

SHA1
1a964fb16e4e607f3f6d59e2c4d7cf7e9ace60ec

SHA256
af6a7f727c98753323bbe0462b2de440c86ec427698b5d185c6fd6bbfa8ab9de

SHA512
d1a64e788a916b85ba5f6a3d7e193840341e00650564178845f1f9876f28d6d3e598faf292927729afb35ad03260f137205319c3ee94e85fbb857ec63623ac82

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\593MUTIS.cookie

Filesize
90B

MD5
ad40505927ca10b9655e600a587edd20

SHA1
fc3087b81183ab8e7529101719ee1a1dc674d02f

SHA256
a47bf8e4bd72813ba4bf377c86b11d481ad4b8ac6dde3848aea5e0989dc6da23

SHA512
5b516e45642011ebcbf973330dda95312671d83f8ea4ba029bf34adb71579428385206cd86a1ea3b7ddcd4bba43c38675c6a21069a9ffcbc3e01cd6e6a892021

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8K9P6PPA.cookie

Filesize
553B

MD5
c83e7d4821b5640d1d350e24d730dcc1

SHA1
3872f4802ef396172ae77fdaa3cf19e8e17d70ec

SHA256
700f421c7a5084fd0934fa0524d5d76f119588550f86d780eb0dceeeb97df084

SHA512
0fbbb5c7d6a89275f7f774e3103254e413f2510c38327a18ddcefdff8ff3fb84333564b37450271baf1953d16c39469ae2b86d10be30e3ec3676684ab78fe1df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\D7SR3N4J.cookie

Filesize
102B

MD5
2976e80c9e86ce4395d937fa2a9eb23c

SHA1
824210e7c8a379542cf1279a33e8dfed2c022533

SHA256
2fa8bf000635940cd49b728985a871cfa7a4e88c3d37691e97d72a7d6b30862b

SHA512
32e4db3a768faaa8ac69fce4b4561c5f32fa2fa37b58e8b1f6d63ff26bac8e223ee305d275c90279a9652800fec410b0fa90b7cac12d9fd3cca1ef567ba6b013

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LEQNOQPL.cookie

Filesize
213B

MD5
51f1c89ea02e00224a5029176c3e5d23

SHA1
d6351507b7ea3abf1d07750ceb0771991aab0cac

SHA256
419c88f84574c4d38ef6a781e2035fc73d954e7c8c411303f30d748e42c6ccbd

SHA512
d1e12e60055015cff38c503abb54d8bc8f8f87b6f04482c64113a4d31d1427e0704021d96de940ac4540726632debb8c3f6e666595a912c0aacfd9014bb6f359

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WMP33GSU.cookie

Filesize
173B

MD5
627f8e29795a29afd38bd941861463fb

SHA1
6583d29c0ffe298433a284b7b2d77ebf371b810f

SHA256
213964c39e46be9aa91d2e92a62b5835a3916f3a9f0dcde2352d542cb6fd9f05

SHA512
089939045003a66e4bf5c06ef98c65f11b3b42d0e375ad08d5a73d3362100f90461d5028126f35ee51b31d2317b8a874d89bea3cc0f0bb954362a56dfd3f984b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
87945e7422027da55cdf289139395121

SHA1
90ab4147991d80f45f36ecb77dc5f371c9bc5350

SHA256
615184b7606cde13ed61ea96742d144a64624fd118bc0dc272c5c6f1009ecf67

SHA512
a91ea86d2f101b2f1b2f19d62db7a9293fea0cd8f3cc2f20b171cce41aa07bb34707e3d1a6b6a7b44ba6d8b28c80a9f099b0270cfb490989c456acabb830b477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
299B

MD5
5ae8478af8dd6eec7ad4edf162dd3df1

SHA1
55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

SHA256
fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

SHA512
a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5f8a57d43d2c9bb4f19fac37d4a16bc7

SHA1
b592a28d89ca394d25ab1e92406033d468ea2ec1

SHA256
e19d65c0440adf6d57d81481145b5e61ff4f291c81136e610d3d0926dec85faf

SHA512
51c5ef2b2f2843c991107848e3739814e219676aafc1edf4be7618166912036c22487f05d64cc3c2ce85585c1b474c2e841a0d15450fd3631891e27965a58a1c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5C77EC0FCAF0A83EAAF0F4351F61FA27

Filesize
472B

MD5
76795a156a035cbf5ac94eff31227104

SHA1
eb999c15eab99be7012a6c12c47efa0f9b3a26b5

SHA256
628ae9863e217cb826a79614df45a532704c3c708bddf7c7d8e3c2b05f4f8606

SHA512
fb36f0ac240aa763f5ec1f89b1a4d695732d2d215eb81df2206fb4d6d5793c6c047bd5eb3f6c7d30b230734f6a8a83ab11d57efca73888511030700890822b3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
437dd6e35a3903631b4af13b9a7b215a

SHA1
c27022bedae5502a41b940b4e51925982b0423a0

SHA256
873683fbff882788d88e4a8cb33934b97badddb9c227b3d236929aab80e06ba7

SHA512
540a039a69c0661aef3382c9cc19456886ac068b9d3474aa783bd4c70a226dd077b015b018f2b0bb58afd0c34b892e9251a72c1478d77c4ad2a2c8ad9a23afdb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
1KB

MD5
37e11f683aa3e51761b07461263a21a7

SHA1
ddec0ea2c155a2ca944da3bcceaa81eb362ddf4b

SHA256
cf6c9e2e863941d32fea8bea4360ac2b5b94b5ca8b2977813b5da77dbec952a3

SHA512
e50a97d3b798c4fb45bfb147c03de25a312d7560972cc0493f8c147335685560bb0df5cce6edb3c69d7063b2de1dfee2eaa2999dda36aa1e5622ff311467fa2d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
1KB

MD5
956e102d25412eb871f3627cbb260d1c

SHA1
bae04313b43b2550f942cb16d22166d000e11de7

SHA256
7c8554bd204b34b38b7c4ad9c53063de544bdc70de5d1c8f68324c2a4e4df73a

SHA512
34f15102aa9cb73658088a2bf20cffc7f9a00a5df0afce251160f66cc492d7190dc88385db0b3be7dff3431355a95989e918f04551028cf98ea59f560fba3f9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07

Filesize
472B

MD5
997a568dcb6b2f82e315def2adceab82

SHA1
b39a39ca2eaac84b252a2fb0ad8eb728adb86ff6

SHA256
c5babebfdb57dab8fe519de3c687c9db05d6203bf4f7aea5b8c9ce625cdb2eee

SHA512
7aa5150a58c46c22934f0b5da235cef8d75102f17e2e229c92651d9f4790d75d9c97b8e13290735523f3c45925d8bdaa01d96874330019e32d9900cb9f8c682d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
df9d2011be5a40357e9b63d8e80a2629

SHA1
783451f558b4a726f2509a834994d7c87ef20f80

SHA256
88265fc4afe4cedfa58219ad5040836182c4e185a692df502e76d48e7ec7d334

SHA512
3617034d2b21192e4a97a1fc7da512800b85f05eda3c5e9445796f0d70308579d59dcd7a21b9b8456f594f6f5e72b3b503fafee67f05205c2d05bd0c7fe0b61f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
3f7fe41a21787747b10078cf2b9978ce

SHA1
fbf69129a56df926e73da5a3e33c1510e150d365

SHA256
91e0291ead586b15d32ec07c0c0e257623ef78644e23c4da85dc887c5bdec761

SHA512
b24e604a1b980f10de61513c223ba5b1ee24c198bf4e6aeaa44f03ae05d1f067b57f4211e1e712fd5034f0ab0b50451d395486f59c72518f395887472e7f5540

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
c2d6fc2ec22f982f76b2b1f06ece16cd

SHA1
3cc0f2430b0ff803d4f4d33ec8ca387e31129408

SHA256
9be09a154280635939f1260abe65036a197ae3016deb048d43fb9ada340d8dd3

SHA512
353bf8283438901074a63391106213639c899ccb910805611dd34e29637666e77b564d13ca665a7e82ed0b885eada0ad987afdd27157e24fa8ffb37ccff540ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
c5b040b6410a6a679ae9a56a886b5a58

SHA1
2710d9060868d84fed5427eebd06e7d4ea4c283b

SHA256
8f94be7b228c10082ef0c2e2fa75fab51f1d409b0ec6337ece311cdc92aa099a

SHA512
a6ebd70d259a87e48c8304c59e8a1eb6b28d33d5c3bd799a673f818baf9677f910b46b79b675ae3a5638dcb99dff84915dec51e43ada14007597cd3d725782c4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
3236555681eb860a8f2eff4ec04449cf

SHA1
d8b4626cdc963cee523d9fdac0c13253d1bf3a18

SHA256
c5c345e338c27da710363e558bbd1962e22683248e12500c303769476ce4e16d

SHA512
340aafb153f04571d87432fa0119ac2f3ff9f051278ac654555780546352cfd909b13ef00731fa8f92a897636efa1e5564daef2947d9fd9c29d01d7fe4323334

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
861a07fb18234837834947b21f947110

SHA1
e08f4e3e818d752ec5d56d723edd1dab35628e20

SHA256
c706445172122ad95a8b3e3b309231f8059af73dbecdf979afcbf8ef144fe6e4

SHA512
f050cb4bfa75a4c7c2f83b5658284de9cec179e107fca12fdf0d68bd41933729d8bce68039a28f3a309c12a3505a1153272aeb12c1c84b07d21f9502852b6016

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5C77EC0FCAF0A83EAAF0F4351F61FA27

Filesize
402B

MD5
18fd453a845209d77f1b997093fff10f

SHA1
126faa00f5f8b24f472efecc4cac6146082484a4

SHA256
831eebdf93b14d3d387de726cdb26dedad5c99d6ffa247fd5819a773031d2566

SHA512
c4114375c1d789826bfcf01d416017b084519f6e680279279f37571001586502d55171ae49f08598d423e530e47981f68f24f4479ab3ed9e3fe2b14e76cf2368

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
f9df3852666fd4507c1fd73283d5bc10

SHA1
d5731a6f0776fc9fd29c2135df292d63d4c1cbf4

SHA256
e365074004186716972d714231fe1730f1ba996887c1c5f4963495de58875b1d

SHA512
ab08ff49bff79f48f33e5e44c22d4d01e181f71d73e7ead8ce5a1042d0523144bf6d541641f5ae2dd5ad838bfe3f110398082db9b9ab6dc46f87f1b5d3e9d228

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
434B

MD5
54687849e412e3cd039f263165eef13d

SHA1
ee9452e20504532cb883a190a23fe8e889823c27

SHA256
e40878edb209f8348cc716b1e7579e8a8fec3b0e8a26ce8d37d83654ac8e28a6

SHA512
91610925ef03262d3d299b85c7e21ee1b6bd3e30a5f459b1b3ee65d02285269224cf5e05828d1c3d2efdf36c6c28c97d00af1582fea25af9225243dd03a42902

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
a5093b6d5c8ff3eb97dc444760085d76

SHA1
0522080b94e5666a910e0efa895de7a64180c3f7

SHA256
22e5bf6bae903ba8608ca43259d2f018152be16c0b949fb5ade7dc3480bfc9ef

SHA512
9d8d5d12a3bd8b6bd0006a3301fd5a4b816d61df9557492c211fa70934d2d7e14c41c3dd65d0c05f3a54734e8a65de042ef6cfefb3f11cb6764a8850989f4a33

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07

Filesize
402B

MD5
3da90f93159093ec309e3a8d50805b96

SHA1
c645ed71abae9aca4d0e655bf4d60f0566e2bf92

SHA256
86b4778707f9d6d5484922fde41722548cdf92bc8d85e492b3174401c2b18a5e

SHA512
6af83ee0642a676ea27475d72457568d42dcb6766a6da51f4a4edd0757814fdb592687ba3d5512b478d3cfb10d6424bf2b8d8f6bd70e40b94ada53cc93e34802

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
c6fba93f539b94d570adf219aed7ed82

SHA1
7ab59ec13a344ac1bf8a4d944daf670e7869ccfd

SHA256
35d40c154fccc9ed44550615989b7e2bf22b92d984e38daf8b81706e10b6cbce

SHA512
23839c88243d8ef793a05047baaa98d90431d56b3bf8349b8967860029d18b14060d4a9d941d499e199624717dae0689a75090ccf8271f93da2391e1feb141c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
e154742c486d5b521c44cd1ec50a2e9e

SHA1
72c9f822fef5e70411efc36509ecc5017dc12f5f

SHA256
b9035cb85fb2a558cbd8ff3c313d1c86dbca5eb0104693c04616f1cda162e608

SHA512
24deb3b8c57055178fc310a12fcc5c6179da648957fe9d68f16920afe49d02cf93fbeed258481ad9c8ed861eea19e5f7a86da7e7bc3df4d74083b1b0164b5599

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
d3034f1751f514660e87cc6439dcf507

SHA1
39c1e864e6d9328cd316acd2c9fdd610089686d0

SHA256
8400728778aa1466e179d273235c0e4e8af58feccf53895ca7b057a45cecec25

SHA512
ecbfd8997c0b787595504f61f95244a2c1696c6b337f2baa5bb015d2d2d808eaf740e70131431a818dcda2cb1b54ea2507e838ed616eda7ace9c0eb4bb7f9271

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
47235d44a0158a4af24ba0f6c9edfe87

SHA1
fa2be5c313657ccd0ac4e076412d72c2afa98b73

SHA256
93fd529afcaa31eb43162750fde3146fb8dc65cb4deed74bfbb34022a39dd7ed

SHA512
941a4e1296fe3f17e23f18c7b5c4a596101275a74a4cb56d7a2451f3dbfd9fb3deb680d4f97580f66e02e5f4e98b2c3863f042e47baaddd8a9f43eafe56573a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
290bf74a9f0b0b936a5291f0f945d7b4

SHA1
1dcef9ab07d1d5a03ab78f1601241bf559372d56

SHA256
7649c34c1d9f14b10b317109851744c796f1d463fe15d8db87c3b098c216fc9f

SHA512
d5b9356d76752305ef17f5aa27646d46c5a5f073b9b0b16588c2bc07e40326e6ae08fac406ada68b26d56427a55fccd69df4721c62f1f4475cf06121f3b02a66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
fcce1d4146d4e8a85124629b213311ad

SHA1
13cadb2da232df932ff71ae2546797cc7c525785

SHA256
38635848daab6740f067948b61ed3f91c2cacf3ea8fc9ea0f780e6e3f83db11d

SHA512
f9706ac950a15ff759f26182575a4281743d9e9110d268512ea2ad76a79a630feeccc40a502829fdc87bbb59c885da2017db1753e05034f967314f83fbcd1409

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\381327dd-44aa-468c-a975-eef4820ec986

Filesize
1KB

MD5
ed82a701d0d4803d94824de7f80e310d

SHA1
0fb3afd4e0704522f5f26c87103595556edf4674

SHA256
7aee57cb270e5d3f63ff99bb3883656797ad22969e18b1592ca3c5af4106da5f

SHA512
33340ec21fa1ef570b71595ea0066666d856654f60d89c65b095574aad440ada41ad758deac8a76095eb02989a7e8d9f7dfbe8078e57a68188c41a0dfe3037c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\4b09229e-f8d5-47ad-81f2-3833af588cc8

Filesize
746B

MD5
4b14f37ee28f0099997db30b67ad78b3

SHA1
36d8db61abd146ddb21d5451061accf0730da772

SHA256
62743250a25d82381c106ed39e7ff18f2f34760c60818ac3a990cf7cb50a81ed

SHA512
e41f918cb166eb283840e6bc96d65dd712a547879cffc75b747fd0b61ea081d4aa248a60c8722aa79326d0b9cd21a73eb4ecc896d9fde7af122c40730f8d719f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\89c874f7-b7d9-4293-9908-3b7e1b786e90

Filesize
10KB

MD5
e5a0135bcc6d4d6c816a39c53d79dd0e

SHA1
6d8ae7024e0b31a091fe7af3e2355f6a01bbec50

SHA256
13ad8206062fe98e61dbd37e0eb0c55a5f5e0728ec40b249b16bc08b588b7b0d

SHA512
bd77380f4fd0ba8c5455bdea4399c9cd629a14c3bb10705abb1078a7914c75e4023f0f4ba355b8f402bcf946379ed5dd2f0581b11a4232817f6181a3ef642118

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9c511655-44b8-4dbe-974f-658de0ae7bf9

Filesize
790B

MD5
cdd8d897881e23a10e3ea6b971fc5f6c

SHA1
983c9f8c9ecda962fb977bc7b2828f82155cbf76

SHA256
27386d016d78c434c86077f8eb3379b861bc64a38750e9fff8c36326c68e9061

SHA512
92585c6022c28ff9a20792f31b1c1f4cdf2b39f3451e70f7e785b0f2d5efc0c4773b82ef5c92783bc732150c0891e7551d0040e93c40c61154c686803e670dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

Filesize
5.0MB

MD5
64675d91bed4264540bd931af010dac2

SHA1
8632379e4f14231147923b47dc579d65739e2079

SHA256
aa7d7948b827648a273255a733b7a875c915106f07e3029e0d05189e0e89d79a

SHA512
c3284f88cd7b9fdc51cec1a6e99c381f420bf246541b77f0946b151781c158bceb429be545ad70af6d5c14df4f63ae2eb3f07a0ea1bbd69dc759e05de554c870

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
c7079b2ea53b085f60707bc841d59b8c

SHA1
4aa3d9274410ea264f5b052c7b3a7ef106235913

SHA256
59f97ea0d42532e58ee0828187e07e7c7670d558827b35dd6623302290fb444d

SHA512
9309a3c768214132db1eeb519488ee5ea05f904a2acfbf5410d12a8d2252828db20941d8de345add2d6e24c55c7ae71138bda2dfe49598952593bc7502d14899

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
282320deb79c1186be49074976b9007a

SHA1
6669df8d43a109cb302d740bcb5b1f1180ae1615

SHA256
ef0256c79e779087ab8ff0818600f291db606567f28459d2c99190ac37716f0b

SHA512
a9b4d6b89f8f30486b92b242122202f7d3c988723bdc40f595edb8005b28da375ce680ae5cf003643a45efc26e24c72d08e27c0824ede374263f5e5fe1c9db27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
fc6f135ea0a19eb227691d3c7800c203

SHA1
0c0034633426814bcf82a5a1fdd45021c3b1ca54

SHA256
71a71a3e00a8db6086f851c1c33442d04115df7954e4853e9c2ed08bdadc779e

SHA512
2219fce63bb44fafb04093689ebbbb9408d6c8430a872fc2c54107b0c715933b21d125198bd3df7660a0676bdccdd2b881c57ec58a09cee991cbb0c1d7e50de7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
89005c9b3225f3f90e9acba5a3ef27b5

SHA1
157425fe2f27983e1b46f771297c31b0785176b6

SHA256
cb4a7493c0a5f1aef05a2bc203bb3c3a0696c92198c4049abd82642b5617457e

SHA512
53b9fd330a5bc82b7eb1e42be0112ed9cc1c0042b50cbbd3b5fd5481d8e56718badd2aba0a21d8449b0211f6a4092c908de6237afe0e665e02aa81c34de31a4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
97f17211adfd5eb45edfb5f081c6331e

SHA1
016ca24c0e65a638757419a2ad97fc3889710fe8

SHA256
969264f4f9006f7d9c7fa8538592888475dfe7bac9a8f56ce2d1213b237ade8c

SHA512
d1a3e2bdf2f63bcc22f7e414bd3be61217082166632bd921833e51e980f2af769e1ce1bd9fc6ead5c6e13d51e647be2003b2fe2baabe72920d3b2dca03bd8ca0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
bbf8f9c1468a988071fe9600a9beb43d

SHA1
39c5ca5f99a131b75daf0d8d12a1ec2ddbc9cdf6

SHA256
bd048ebf2a881dfecd2fca67fbfd9cccda3d68e798eccccd698157c94e669666

SHA512
0e90a1ef60464809ebe7d49afef0221c74348f2d1c04146539fc46182b34bd0dd40e930f2f7039a52bf622b50f655b1824fdeb4b70a5d0a87977e88059e9554c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
edae3827167fbf36bd79d604d191f011

SHA1
b015d433af432ae05a843f13c1eda80992258b24

SHA256
354bb8a2467543d8241a366011455d2b53e69a36a199df9f70b8edfe084e1c33

SHA512
01ff1125df840966e6ebef8ffa44a93cb58804af2514bbfa28ae5a71b2139fb05f9a6927587457ec3a40040879d711d113e2e810f86c2d992af26ae52e818148

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
9ca61ae4d20a21bed83556c3bf22d732

SHA1
ba5d7e67430cd6a562624ef0123d2939b88ba177

SHA256
a287ce8e20ea4ac47c3dda1d2f9a8f370b3ce5b49a2ab3da488853f7dca2243e

SHA512
08c0bf0950f07f339e8aabf37c529e3c67992492d8b493da7476bf45c457ab57dcb0b3815478d424dff352e798c1c5f6203111d34ebca9d5a2e14ba4e3187d56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
188285555d86937fc3c2d1c487c8b5b2

SHA1
b2ce211e9b58d9e965d127bf1fbed26460ff70dc

SHA256
11e1f6e91198ec61b2d5988395e5306cd50b0cda8817d4d122c494afe2bcee17

SHA512
d7c6d6ef88501e20f925567fcaa0e3c02e7f3a65fa07d8b2fcaf05352e6aa2483e5f165c4395c52301b3352915f7b611622be91178190829ab4e15509043f4da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
7fd96cbbd8e40df01759347326f2c332

SHA1
f4eb6a0d4f0809d9672aa226b39079e037989764

SHA256
64f4bd9a1a66a7e9eb721302be1b3c07b70e39292027a8dd1599d92596fb023b

SHA512
4c7fac69a71a9b33281b2ce960e1c204598f39d8c9265a0eff0dac6047f7a28fa89fe0026b465d943c707d690573c190c2572366175223b8d924b4f53153772d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
ffd5f955324abc354fe9cf5ce7554593

SHA1
f637366f5beea273226636b4eaab11c215a9f193

SHA256
6a20c964da0b46f02fa0d129453faa7ee6516cbdc32cc2b0817f36496d6e0c2b

SHA512
fa67fa113390fd452b0a24ecdc4434b06fe436bb87ffe2441c962a9f3101d834c42625e5a2f0cfbe530684cfd10a377969dc6a9b5da6ba54eb0dce7e67bb4ae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
ec3ea208847584e703d3cb26df17251e

SHA1
89beef61761c0b650442d711854c5845f4c33fb0

SHA256
ab5a94ab15bb20dd3c0fb35a603bbd8d982bd3fb997a91eae23b8952c4d2a5a2

SHA512
01d4c67fede486b89073ac1ac6142732952c3b3439b8e0ddb202889c33200d2355f8947c67c0fb0327e559e1d659323904edf10e19836ce562636cf4174234a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
ec0b878ae26c4c9d75bc158efa8d2e63

SHA1
e005690848e578cf3f49f9f451ddc664dbd1b02b

SHA256
55571a4d3c2444cb80a6c84103bd4a4c2aa634b0842ca4bd0337aba73010619b

SHA512
3ab7f70438f51a276d2c3db3f0a1c8191fb951216460054980eef260ab0c03b4652d9972392df07dd137c79451e386f6899f287cee0a3c65895dc50a250422d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
e32600bdcdd813a3908b42bd2ba918d7

SHA1
ff7ca0b15174ad03e09af26dbb575fea89c89bc1

SHA256
152a97e00b3fc20f15c31e074dd51ece0951ceb0bc73f9d2ff071100f10b2db2

SHA512
d9e64a64be338a5bf9da1d278985ea27c4207f1acb2792f66ed31ebe8b9c394755ac4aa24786b5657a6d85ebfa73d5209aaf1ab845bf11a17a40a112afe6cdda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
a8ae43cfe913229e514d9b91136e078d

SHA1
4bd28fa0c0e490159b0abdef90c7e981e31fb1b4

SHA256
51cfbd1b0e9fbb4695c6474846ea554abb742db6f62181bffcc322ca6751da60

SHA512
17b747df7c199f164acea69a59d196846eb0d8643590715bef4043d90ada961cfaac5d7377280514f2ca318fa9c35fafe9f04651a8661dbb5e20b8b05ce0079f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
abb2f302de4da36158e8ed91ada7da6e

SHA1
c6e63b63a846a663a9775a0bad53312e61673fa6

SHA256
01aa0b4560c772f6fd3f0935029bf7a93d80eef2b9a39024f6e3f7b6b1f6799d

SHA512
0d6ef1e8b11383be738d4cf0520ea83fdd4a592bbad1ebe393b570a95b0c828f68335b07abc06ec9af8650aab9a8b9fc8870fe57702e965aed27cb86871fac97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
cefa2254fc49ed6eabad71b30bb41053

SHA1
8f7525513fdfc612ea63a37cd839973eb2a490e3

SHA256
9e5f2d7554892e4c4a7129978339bb749ab4f30698c872c8f3c5639d112cbc78

SHA512
a23f971d54a5cdde0fc2d14a806d97b9eea46eb3348aee0e7c04524bde25762b9e3c511d23a594dd2b2493e3886886f59cc6f9b23535be7713cabad89a9fce10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
24d38e89a6fddf8639b086c6568fda60

SHA1
fce13c226c607f29ff4859cd3c35e3db329d6bb9

SHA256
bb8c92e9306151ab403f59fe9a42f0e61c1fcc1a6b075cdf40abdb1dd1676ef2

SHA512
973dcbcd712819c15b5e719286ac4268eb6e7a20f42cfb2afcddf64df292dfa3bc51c67f509bc9d4de7cce77710d1521c5b2b81113de8a9be0d8a3098bd813c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
16707bb06f3942a21446635a143325bb

SHA1
61c74b80222c36ae653ab68c9fb9ae76b99b9c61

SHA256
323917cbfef3eec3f73d05cfe6695c5f2ffedc768672bc087309fd3a2461cfc0

SHA512
a1e714fb05ff9e44fd0c94e42c3480d97aa531242f480989c0cb2e77546da4166172c5515d296cb4a59617dc56b5de67a7b2872e8abafa3f52bea00d67505567

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
9e9e57c708b541c7414c3b81391d758e

SHA1
7dae7df4e18c6c5227ac94d120aa2d64ec76dedf

SHA256
d98dff9f4e7522f15a337a388b65113a93dd5d8028896496767f64c3a65f296a

SHA512
7a2202c7b044890d74d409f458d31f40fe8a67190c165905b21d91f9409039ec23b87d1eb4109dccd1f2c5b1738ababb398744585e668312df01950446e5b997

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
cc1d91324f02c7c98e97fd2702025bf2

SHA1
9b2658e04ac40ac584bbebe4be1c65f96b8c4c08

SHA256
c9a1ad0655ee3785c4be25d9cab91491d0e5676662300ea06ec4a10a54ad7bb3

SHA512
62778c1d019f69f84588ada0e3327884d0bf72f67a57bd833868e8adc160376f1e4a17402cfb9e2c06bc8f9e238c079e0db9dcba4821936cef1c74d5ce20d79c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
25KB

MD5
16aef3c8e76a6eb4d1d72c021076ed64

SHA1
85f0f871edbc3abd917199d04284cb48624a55e6

SHA256
e1a681a5edd450e7f336651dad36e2d13b30a539786856e5854f6d6d11026611

SHA512
4d0c605d8da44cfe12869dff6d5a27fb9563ab72d08a029a58fb00f70140e00e985ea9d1b73966edef6894e47280cf90c47c9040c546d386aab74394416c174d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
24KB

MD5
53303c4f1dd990996fdd59c109694371

SHA1
41110e71eb8971c0202a4a57366d055dd6e7c345

SHA256
57c8a387438154fc8a4243e42adab208c8e4529ddd7bd85373de3d58c5b68987

SHA512
d4aa4a69a0cafb5724a3c8bd2a3e187ba9b367c25e4045dc79040eca15c5c8d9b6fb87b0fbfb63d0b5ddd215daf62d06cb34750745b5b0d50180c2876f240e87

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.yhR9AIMO.exe.part

Filesize
6KB

MD5
6cff5a7531f54b25508da1db289a69c1

SHA1
12c43c8940e6ae9025a0726c83650ce95bc63c9f

SHA256
dc1aabd958cf8539fb0b792d3e0118837146404592c3dd858514bbd6c2bd564a

SHA512
86d5a220895f01f8acc4960bf556f8a09a38b6d12a72dcfd6579acb9b2c5b6e4551e72d00228bfe19a7c8579ef45bbd201b927c91e8058bf18b8707d6815dec1

Download Submit
C:\Users\Admin\Downloads\ezyzip.zip.6g60qnc.partial

Filesize
9.8MB

MD5
e1a0d067a0b8c3a1b73a3a90abb135bf

SHA1
edf5d96bd5552291b40e09c9f2caa70e59e947c5

SHA256
ec4c0ba0a94ada4b5717d0a0aff7708c1edfcbc078c6828fc6b85db8eca6b122

SHA512
ecc07155967bba5ab35a3866795ff9b7fbf70f271945fd9a5f41bb6ddbeb4f74c2726ded5a1d7085ff448fc4df95d27d910166215af64b424dafacc60b1cbf5c

Download Submit
memory/3476-312-0x000002191DFC0000-0x000002191E0C0000-memory.dmp

Filesize
1024KB

Download
memory/3476-471-0x000002192EEE0000-0x000002192EF00000-memory.dmp

Filesize
128KB

Download
memory/3476-438-0x000002192E920000-0x000002192EA20000-memory.dmp

Filesize
1024KB

Download
memory/3476-416-0x000002192E590000-0x000002192E5B0000-memory.dmp

Filesize
128KB

Download
memory/4696-67-0x000001EE095D0000-0x000001EE095D2000-memory.dmp

Filesize
8KB

Download
memory/4696-121-0x000001EE1B0D0000-0x000001EE1B0D2000-memory.dmp

Filesize
8KB

Download
memory/4696-137-0x000001EE1B380000-0x000001EE1B3A0000-memory.dmp

Filesize
128KB

Download
memory/4696-592-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-119-0x000001EE1B0B0000-0x000001EE1B0B2000-memory.dmp

Filesize
8KB

Download
memory/4696-113-0x000001EE1B060000-0x000001EE1B062000-memory.dmp

Filesize
8KB

Download
memory/4696-115-0x000001EE1B080000-0x000001EE1B082000-memory.dmp

Filesize
8KB

Download
memory/4696-595-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-598-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-603-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-597-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-596-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-594-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-593-0x000001EE095B0000-0x000001EE095C0000-memory.dmp

Filesize
64KB

Download
memory/4696-239-0x000001EE1C330000-0x000001EE1C350000-memory.dmp

Filesize
128KB

Download
memory/4696-325-0x000001EE1BAA0000-0x000001EE1BAC0000-memory.dmp

Filesize
128KB

Download
memory/4696-123-0x000001EE1B0F0000-0x000001EE1B0F2000-memory.dmp

Filesize
8KB

Download
memory/4696-117-0x000001EE1B090000-0x000001EE1B092000-memory.dmp

Filesize
8KB

Download
memory/4696-69-0x000001EE095F0000-0x000001EE095F2000-memory.dmp

Filesize
8KB

Download
memory/4696-64-0x000001EE095A0000-0x000001EE095A2000-memory.dmp

Filesize
8KB

Download
memory/4696-62-0x000001EE09700000-0x000001EE09800000-memory.dmp

Filesize
1024KB

Download
memory/5000-35-0x0000024D49BF0000-0x0000024D49BF2000-memory.dmp

Filesize
8KB

Download
memory/5000-16-0x0000024D4C620000-0x0000024D4C630000-memory.dmp

Filesize
64KB

Download
memory/5000-186-0x0000024D52EE0000-0x0000024D52EE1000-memory.dmp

Filesize
4KB

Download
memory/5000-0-0x0000024D4C520000-0x0000024D4C530000-memory.dmp

Filesize
64KB

Download
memory/5000-185-0x0000024D52ED0000-0x0000024D52ED1000-memory.dmp

Filesize
4KB

Download
memory/6556-4514-0x0000000000480000-0x00000000005F6000-memory.dmp

Filesize
1.5MB

Download
memory/6556-4698-0x00000000073B0000-0x00000000073B8000-memory.dmp

Filesize
32KB

Download
memory/6556-4699-0x0000000007D30000-0x0000000007D68000-memory.dmp

Filesize
224KB

Download
memory/6888-4720-0x0000000005380000-0x00000000053A0000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads