bf4fb5b1a0f6dd65499e4b5e2fff102d4958d235f0ef79d21d4a0d271ebf2e47

Analysis

max time kernel
707s
max time network
711s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22-07-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HappyMod-3-1-1.apk
Size

17.3MB
MD5

2374b9b56e0eaac81fafa5a2eb219bdf
SHA1

1af4b5f9b22268019b3f09214926b472fa188b25
SHA256

bf4fb5b1a0f6dd65499e4b5e2fff102d4958d235f0ef79d21d4a0d271ebf2e47
SHA512

3e037c437a38742dcf6f54478ed200ff149ad5dd57dafd11f87b98bcfd2cc93744adb3566e1eb498d7b1e77da56fd6b159b839ca3bd8432faf1d3010cd894af2
SSDEEP

393216:np0TcbMT8VhcEb7NN+tiqxwPDBxvghsreQBzhpGPG41VSzp:nacQTicED+QrHghsrH5hkPGAVI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

winrar-x32-701.exewinrar-x32-701.exe

pid process

7128 winrar-x32-701.exe
1016 winrar-x32-701.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

220 raw.githubusercontent.com
Drops file in Program Files directory 1 IoCs

Processes:

OpenWith.exe

description ioc process

File opened for modification C:\Program Files\UndoDebug.exe OpenWith.exe

pid	process
7128	winrar-x32-701.exe
1016	winrar-x32-701.exe

flow	ioc
220	raw.githubusercontent.com

description	ioc	process
File opened for modification	C:\Program Files\UndoDebug.exe	OpenWith.exe

Drops file in Windows directory 4 IoCs

Processes:

UserOOBEBroker.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 40 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exeAcroRd32.exeAcroRd32.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exeAcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 64 IoCs

Processes:

OpenWith.exeOpenWith.exeOpenWith.execmd.exemsedge.exeOpenWith.exefirefox.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\쁻翸	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\쯀ͭȇ\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\쪾儸縀蠀	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	OpenWith.exe
Key created	\Registry\User\S-1-5-21-95457810-830748662-4054918673-1000_Classes\NotificationData	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\쯀ͭȇ	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\apk_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.apk\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\쁻翸\ = "apk_auto_file"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000e958bc84110050524f4752417e310000740009000400efbec5525961e958bc842e0000003f0000000000010000000000000000004a000000000077332801500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\apk_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\쪾儸縀蠀\ = "apk_auto_file"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\apk_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\apk_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-95457810-830748662-4054918673-1000\{1A7A3573-ED3F-498D-870A-CCE391D70F86}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	OpenWith.exe

NTFS ADS 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exefirefox.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 78618.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x32-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\HappyMod-3-1-1.apk:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Downloads\HappyMod-3-1-1(1).apk:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\com-mod-roblox-mod-apk-menu-god-mode-jump-fly-teleport-map-hack-2-634-417-1650.apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\HappyMod-3-1-1 (1).apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\XLauncher.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Pass - 2024.txt:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4476	msedge.exe
4476	msedge.exe
3240	msedge.exe
3240	msedge.exe
3184	msedge.exe
3184	msedge.exe
4684	identity_helper.exe
4684	identity_helper.exe
1016	msedge.exe
1016	msedge.exe
752	msedge.exe
752	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
6056	msedge.exe
6056	msedge.exe
1992	msedge.exe
1992	msedge.exe
688	msedge.exe
688	msedge.exe
4172	msedge.exe
4172	msedge.exe
7000	msedge.exe
7000	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

OpenWith.exeOpenWith.exeOpenWith.exeOpenWith.exeOpenWith.exe

pid process

4952 OpenWith.exe
960 OpenWith.exe
756 OpenWith.exe
1216 OpenWith.exe
5036 OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	3248	firefox.exe
Token: SeDebugPrivilege	3248	firefox.exe
Token: SeDebugPrivilege	3248	firefox.exe
Token: SeDebugPrivilege	4276	firefox.exe
Token: SeDebugPrivilege	4276	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

OpenWith.exemsedge.exefirefox.exe

pid	process
4952	OpenWith.exe
4952	OpenWith.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SendNotifyMessage 22 IoCs

Processes:

OpenWith.exemsedge.exe

pid	process
4952	OpenWith.exe
4952	OpenWith.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

OpenWith.exeOpenWith.exeAcroRd32.exeOpenWith.exefirefox.exeMiniSearchHost.exefirefox.exeOpenWith.exe

pid	process
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
4952	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
960	OpenWith.exe
3096	AcroRd32.exe
3096	AcroRd32.exe
3096	AcroRd32.exe
3096	AcroRd32.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
756	OpenWith.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
3248	firefox.exe
5476	MiniSearchHost.exe
4276	firefox.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4476 wrote to memory of 3940	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3940	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 1368	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3240	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3240	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 3936	4476	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\HappyMod-3-1-1.apk
1⤵
- Modifies registry class
PID:1320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b2b93cb8,0x7ff8b2b93cc8,0x7ff8b2b93cd8
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
2⤵
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
2⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
2⤵
PID:568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
2⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
2⤵
PID:1428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4708 /prefetch:8
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4712 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
2⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
2⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
2⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
2⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
2⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
2⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6392 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
2⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:2876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\com-mod-roblox-mod-apk-menu-god-mode-jump-fly-teleport-map-hack-2-634-417-1650.apk"
2⤵
PID:5640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\com-mod-roblox-mod-apk-menu-god-mode-jump-fly-teleport-map-hack-2-634-417-1650.apk
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1880 -parentBuildID 20240401114208 -prefsHandle 1808 -prefMapHandle 1804 -prefsLen 23678 -prefMapSize 244694 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f86f2a-8189-46f7-9f7d-79aec9809fb9} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" gpu
4⤵
PID:2588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2208 -parentBuildID 20240401114208 -prefsHandle 2200 -prefMapHandle 2196 -prefsLen 23678 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fcea1ca-ff08-4c97-8418-34b171db92c6} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" socket
4⤵
- Checks processor information in registry
PID:4068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 1 -isForBrowser -prefsHandle 2592 -prefMapHandle 3068 -prefsLen 25061 -prefMapSize 244694 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f35200e8-779c-45fd-8585-d717b0a14152} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
4⤵
PID:5764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2524 -childID 2 -isForBrowser -prefsHandle 2896 -prefMapHandle 3376 -prefsLen 29410 -prefMapSize 244694 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da382915-90a9-4eeb-98d1-fbad067ad5d9} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
4⤵
PID:5308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4424 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4504 -prefMapHandle 4496 -prefsLen 29464 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eb87a87-a410-426f-8866-a16ad1df0fe7} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" utility
4⤵
- Checks processor information in registry
PID:5688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5460 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c395011-0820-406f-80df-7b8fd4bb7bab} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
4⤵
PID:1144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5604 -prefMapHandle 5612 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61e48f98-9592-4859-81ef-934bcd89f36c} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
4⤵
PID:5328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5780 -prefMapHandle 5784 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {896e4eae-6a2a-4c69-83f7-8b7fdb1b7815} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
4⤵
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
2⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
2⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
2⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
2⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
2⤵
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
2⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
2⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1
2⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8456 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
2⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8500 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
2⤵
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
2⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
2⤵
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
2⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
2⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9108 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
2⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
2⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
2⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1
2⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9452 /prefetch:1
2⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9892 /prefetch:1
2⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10028 /prefetch:1
2⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1
2⤵
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10284 /prefetch:1
2⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10376 /prefetch:1
2⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10728 /prefetch:1
2⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1
2⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10096 /prefetch:1
2⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1
2⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11156 /prefetch:1
2⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
2⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1
2⤵
PID:3836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
2⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10592 /prefetch:1
2⤵
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
2⤵
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
2⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1
2⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
2⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10740 /prefetch:1
2⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
2⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1
2⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11024 /prefetch:1
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10872 /prefetch:1
2⤵
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10132 /prefetch:1
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1
2⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1
2⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
2⤵
PID:244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10460 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
2⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9916 /prefetch:1
2⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1
2⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11444 /prefetch:1
2⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
2⤵
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:1
2⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11860 /prefetch:8
2⤵
PID:6200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11048 /prefetch:1
2⤵
PID:6236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,13980454257243874430,7042393417365654290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7236 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:7000

C:\Users\Admin\Downloads\winrar-x32-701.exe
"C:\Users\Admin\Downloads\winrar-x32-701.exe"
2⤵
- Executes dropped EXE
PID:7128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:960

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\HappyMod-3-1-1.apk"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3096

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
PID:2976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=82FC7C873E120C7C27D59D36A3A0CF7A --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:4816

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3D9C1AD317BB9AAB5675762B0CFC9C20 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3D9C1AD317BB9AAB5675762B0CFC9C20 --renderer-client-id=2 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
4⤵
PID:2592

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=97DB980D908F717E6C86B42B76F6D894 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:4848

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B39163D43A03C1E35475EB0C26D6E6BF --mojo-platform-channel-handle=2516 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:4088

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F0D3D445527279CD11CAA21BAC8B6139 --mojo-platform-channel-handle=1916 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3996

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\HappyMod-3-1-1.apk"
2⤵
PID:1992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\HappyMod-3-1-1.apk
3⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1860 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c60def0b-db0e-4953-8565-d8377f4a91d0} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" gpu
4⤵
PID:3252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78fca02f-022c-4e5c-91e2-6137d6316a61} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" socket
4⤵
- Checks processor information in registry
PID:4848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1488 -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2912 -prefsLen 26818 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5984e6d-a2fa-4360-8b73-457b4ae0d8a1} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" tab
4⤵
PID:5072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3856 -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d1dd7f5-b659-4437-8437-70329c5a89cc} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" tab
4⤵
PID:784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4660 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bac7e437-4726-4042-a6f3-f635e2b251ec} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" utility
4⤵
- Checks processor information in registry
PID:5296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5196 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5348 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c5b09f-ee3b-4006-a8b0-2905907a3c87} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" tab
4⤵
PID:5716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 4 -isForBrowser -prefsHandle 5668 -prefMapHandle 5672 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57debddc-56f4-40e8-8dd6-dc6658d8ff4c} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" tab
4⤵
PID:5728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5896 -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4689b67b-3ac3-4af3-858e-0bc2ad196d79} 3248 "\\.\pipe\gecko-crash-server-pipe.3248" tab
4⤵
PID:5740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\HappyMod-3-1-1.apk"
1⤵
PID:6008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\HappyMod-3-1-1.apk
2⤵
- Checks processor information in registry
PID:6024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\HappyMod-3-1-1(1).apk"
1⤵
PID:3996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\HappyMod-3-1-1(1).apk
2⤵
- Checks processor information in registry
PID:5424

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5172

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2096

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:4352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5036

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\XLauncher.rar"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
PID:5932

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
PID:5292

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=70C5259EA372C025CA65F88780BF882B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=70C5259EA372C025CA65F88780BF882B --renderer-client-id=2 --mojo-platform-channel-handle=1672 --allow-no-sandbox-job /prefetch:1
4⤵
PID:5760

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=89BC759D36AFA20AB90693312358D2C8 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2352

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=108BD3CB357C539CBEF64159E31965D4 --mojo-platform-channel-handle=2276 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2092

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BE56DD37D64AB4F4B3595E76D79BB041 --mojo-platform-channel-handle=1988 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:5748

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8FEDEE3131B258D6B8937A86BE74D24F --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:3580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D8
1⤵
PID:5360

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d1964ee480594366b9182da8d5aea6d2 /t 7132 /p 7128
1⤵
PID:3228

C:\Users\Admin\Downloads\winrar-x32-701.exe
"C:\Users\Admin\Downloads\winrar-x32-701.exe"
1⤵
- Executes dropped EXE
PID:1016

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
252B

MD5
f2dd521fddb8e666cb58a179941b8bd0

SHA1
d3d00d99738f98a7deec48bd869ce28907f6b300

SHA256
de140d36e112d3f2cc89e72440585d00fc3c774c47e2c4b76edc921faafcdf6a

SHA512
16271c69be63bb7e013b0c5f684fb0fb9732ae468a5da6e4215f8dd474fea2caa195aa1c2fa8c027ae3649999f418572f585b6b53beee3e691212663a6977485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fc062f6-a16a-4d4d-ac5f-67e83562b144.tmp
Filesize
6KB

MD5
77ace4845b769d6028dddb0579b8d70b

SHA1
5726dc4b34455bdf0032a121dec3413049ec689c

SHA256
81ad5b18656d252ed4c5683bf6e0925d1ad96db2ef8c29ac4633d79ed49eff03

SHA512
56b8a70dda4090426c5e7ebd5f9a624273913a9c7c616553232b0bd1538a74c4e19786ada0a6acf281763fb65fc7925e5270dc6d2dd3cfa6262e124d8a8809c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ac855f7-ff26-4170-ba32-6082a5ab3803.tmp
Filesize
7KB

MD5
a8f0f410f2e51ff817e6529f6e143913

SHA1
2ab373e8cd97fbb1bd3b816a337f4747973caee8

SHA256
eeda07459989ce92aab3b25ae6a29488115bc5a949e86c744c293a34a3ba6746

SHA512
a5369ff49e0e1394e5e2d509a3e8a64a3da775a62bd477ce86c1e417e91e4e61ad9503edcfda9bdfdfad355f0f631a7deeefdfeef63c8a1ad995f78e5e9d0e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
43KB

MD5
3e4c95c68f28bfed38f6f12a8c2f197e

SHA1
0e29b9a92f4cff6fd69522f4b972d7dbf000f306

SHA256
256e9bba80d098d0a90f0a4e9f6bf7ea0a6a50a4847caf5e5954a921fdceb8c7

SHA512
01edfcfa99b35c1d60e29c0299e800c47163b4382c5144351b6635f4a6092b5be87ac9b83893724b98653acf8af1277fb794da4e7c9f5b53df00eb7b4f43378a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
87KB

MD5
c85a5c75e5bb78f79dfaa52e4e161337

SHA1
38a6baa9d3cd02ea6f2bfccc8f6ef78d8069a99e

SHA256
168a5bcaba9c348d0252846b32aa3c98b48fad6e11cc80182c0927c3e45ca093

SHA512
1e0cb2a4535d680d06f591814ee7600135c8827fda9f9027101862d362b346611405fbd189a65d629b5cffdc63fcccff053a1c7ad43e7a26f0d7026e2c7c72d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
27KB

MD5
44dcc53f61b01f361f2f00fcf89acf3a

SHA1
463aea1db50db785e6d29197c9f37a7b2fe1a3d8

SHA256
9c54e0adc54a7c252c3b530c352de4b92cc2e01e94777c9921bc67a326ae46a7

SHA512
a25fb6686696ed4acbfbf0bce9a581865f1185408b6843f7081eac06716767c5d4a4fe9a3deee857a3ee545cc8ef43eb11026b80bf6f797a2c13eeffe7e93f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
24KB

MD5
e723c57aea46ea7a2d3fa6119f670e1c

SHA1
049a5eeabb6160affb19a79c7fc0bc5d13ddce1a

SHA256
c977135567fbeb2e7322a66410a5780ffc0be1ccb7d7743e8923f5b5485b3e95

SHA512
4ca0577edaf0b3a6bd77a8676c59ce2f4455599d529f8116fd381a6f776f7d38f858e2d2970ea89a35d3ee35a513306dd7f6d5689e285eee30eb8fa22d1f2d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
Filesize
24KB

MD5
132f2996349b1f014d9b633f9b2ada65

SHA1
fe0ad43134263d3e67f1bf7f34e1306bf407de92

SHA256
9f42b6ea30ab9acbe5b022cc72c5bfd33547a7c2804b01c0c51b6e47e24bf891

SHA512
f1bf3826b81964b591cd564fb897acc8137b2f558e8159eec4a2c5429de0703f302a3d33f3ee04338c61f3d31b1008050bb3ae0b7739bfba48fa8efd2ed11a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
Filesize
49KB

MD5
938e0c9992b8cb60bc15b52d48f87e82

SHA1
e2550c32c48297107ac05ffa6022f2d08186d65c

SHA256
9e228704af2c084d8e4cbb275e8bfdf36f5b9f34c484a11e675cfe4a460a3b2a

SHA512
39e6373be825426aec1ad82b6992de5dc153a1c56a0d77931414f153053afe30a519b25da8536ca29a150af3940293ed9285afed45762db67148f2a833413c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
Filesize
55KB

MD5
eabeaa3d6c1955ee9a8635eb50e24519

SHA1
10287585b1a76b2438b8573f4b12fee81dc86749

SHA256
4565293ad46a61d43a7d4b7d47dea7a3cfc768a434b6800249c64852c3b9c0a5

SHA512
5b447a2b668fa30b3abe2b73b25d57f629f55f46bf122af85a30e0c68d0bda9bd260876eb5e2b83dfe85d0c255dbcfbed47db3dd1aa6d1f4d89b66dee6dd6278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
Filesize
82KB

MD5
06692e57af336865115d6f70670fe0d9

SHA1
ba054ec3338e8b358bd0d7b4efe2f0cd0a84273f

SHA256
96e56fadcf98dc4bc0c62ee5f57161e58a2136bf9d2ce3aa53592f94a6aa9825

SHA512
4122dba1d53b634563ed5191ce03bd83cf43c41da324a1b1e208fb9e3c1509cc82fc442526b4d22655a02634b3080548161b9671629e22f8d4d2ce9111d6d276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066
Filesize
70KB

MD5
b08bf6f2a596eccd66a2d699343d8a89

SHA1
5a0b5f6a83f1dcb728c7a3f92f20623ddfabf8a9

SHA256
7e73c7a8d30f6a51302f5407831c2d6404790d988d8203dfffd7d0833cc5c5c1

SHA512
9f19178d403b52d986515246ed6c6786a2f9914307cee682cdf5d0e17d28a814c7be4afa1e234a4c803f70d8b9d34fc905f7fdcc0f11379a6b59bc69fa64aa06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068
Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069
Filesize
107KB

MD5
74d8ad8c007ec336ac7ee584d1002963

SHA1
00f944d605fc86b6bbcf3b68a48c1d3235617780

SHA256
72cc44c4d57b6dfa7d5696d3f6e8ae6cb1b729532247d0e27187cf46f4f5781b

SHA512
b468e38971256c3226bab2da00271d747b8dab00959cd5e6c3ecbd0599c9b9c98c49be532a6416f484edb849da05de33618e0bd3b4ddb6806698e05438bcdf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c
Filesize
71KB

MD5
97e8bb73db50c854464357c34e34ca1b

SHA1
50ba08a081ee1e2d2e61009d3fba02e1343d2c97

SHA256
fd622f0517ba432b67f6b55793d7cf4eaa08c32cea7f20ca96c9b4f9522f71f9

SHA512
659888a81d8f704e840984a611d1513f41dd1239c43b7ba1d71cf26025e77cec0c60b182dfbaf7d589d97e0842fa8bc1ecb6b7944fd9b4deaee1f335b098469c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080
Filesize
20KB

MD5
b3b71ef77841815c899ae8370085d7da

SHA1
f7362b36e1ffecc7f965d4eadf2fbb4cac25d9f6

SHA256
7ad1f40d9814673dc1e07f1517b9b535431fe9b028a6e9eecf650e0be2a03cbc

SHA512
f5c72cce1f7c5d5bc98573339e443e8089ab8c5d9a1826b1faccc3cbacce0011a1192cbdbbd26167b1e435212466bda2c64a9aabcd32b85aef3ea03035f7963d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082
Filesize
62KB

MD5
f79882e12fe87d482fe216d30ef3c93a

SHA1
e3031f2d694529705d8634b397815cd907fec24d

SHA256
c95d79ddd197080d143fdbaf458ce6d653621088f2d16827b3037f4417a32f61

SHA512
075f20268aa1b46fd322da5220b1705e42076d6ee681417bc95d5e900c6ed9929eca102796757e5db387db56ed2e97937e074b5af75840e55b018623c0a845c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083
Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4
Filesize
62KB

MD5
739a3bad63e7895812b530cf482c30ba

SHA1
170b209103976e6efbc1a0095c6ac9dc73484814

SHA256
4c57d7494d5b8253a9658375c59abef84a4dccc59c8c960b02a54746d65cc269

SHA512
6da60eabad2cfdee4dd102b089343b513afab6edff6751a3b7b6b98a9b7ddbf322aba710a0ce57b1da71d3037c048c3c445b133dd6e4925d24ced7c4bf39fe16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bd
Filesize
31KB

MD5
b703b17657dd45b7c89798091e80b33d

SHA1
87bbe1dad92d8c8b8a3c0599c205eef49bceb2f6

SHA256
a3b4ac4c5968c6fd117f4548e087e2d10824cc0a53077ec9ec3680e99a8b146b

SHA512
2dae5f8ad681f7200dd8deb56022badbad0f82e583f70fb85dbdd0c2a6d0577e2771dbf70f5bfe0ee69a2254a1142563f56fa9b7e13834e0192738478cefb837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf
Filesize
133KB

MD5
6c6a86747695204287522ee2649506c4

SHA1
0806933c63229e4b634c037d4229c8bba16c1deb

SHA256
4b497ba5ac694d324a8c212913a757144f6f00c074c30e51e8134d6119221d00

SHA512
9b661151b80bbec08d94637bc9a6932a35157203a9338ecd57dc4fb2ac9c0f43d6e10d7f9912daece920638af2e968f88ee502a9c79c48d54d624e692d85bc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1
Filesize
17KB

MD5
67e30bbc30fa4e58ef6c33781b4e835c

SHA1
18125beb2b3f1a747f39ed999ff0edd5a52980ee

SHA256
1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba

SHA512
271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2
Filesize
19KB

MD5
8c08b9c32598270308b83eb0dc2c113d

SHA1
5f68094375e138089a1d7c40d7121f6c6986b24e

SHA256
f8d2951fd6a408159ce498eb49c453b054d27ce2c6e9de6e7dac64add5a20124

SHA512
fb5b0d103235e359fad8e2e914bc009d41f1f17b050e431d530649b1437c8675a1337749744b4ddad93a63ed4bc76b306041442be47012e852ca1eb2e17575e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3
Filesize
104KB

MD5
7651b1187bb58ac4c7be625337b35e5b

SHA1
307d969ef4137a66fe2793737dc1c546587c7f43

SHA256
0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968

SHA512
a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c4
Filesize
97KB

MD5
b41330c944dc6a75ef954a13824a1d7a

SHA1
e3248e550a75af0278f47874a7928b042b7ca9f9

SHA256
148a91f611bcd7c175445cfb1c58e5a0145efe8421710015db0f6ff693cebc46

SHA512
fd3ba15f00a82bd93fab3b857b38884296acbb1935c6051c9facbd3c24d03812c3226141a44556d86e126a0984a25e075c1f3ad75536f39531b2e4164ccbc709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c6
Filesize
20KB

MD5
2e2597307341b5d6e4b80b2d23d0c645

SHA1
8924f89e184d2fc0f46dbd0dd18fe02c45258873

SHA256
678f3f4d81627c1d0f5c109d308643f9c6875b70673837e02cd20628c114e0fd

SHA512
bb28a6b905b6d799b7062ad62e868ed5094cf990db26a6f483ea46bd6ed5cb5135f3d47448b2230eb3f9a1d27372234919a9112ba3fe8ae9eaeb9103289b5149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c7
Filesize
146KB

MD5
44fa6cb271a998d305bae64eccea3dc5

SHA1
ce9be4736519731957af9aed23733faeec40f2e7

SHA256
fb1c90f3ac72cc4cee01b12161e76e5570491f155e6637446b760fc6d6a4eca9

SHA512
853eb41fbea7ace4203b2ee4d73fc7628dc0dad8839d9c23fe8cd96de494ee6e3f71c1f5cfe6fa62bad01b9689c74c6bd3a55ca6c54f883407b79f59d02468a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8
Filesize
81KB

MD5
06f15dd4f9e9fabd33c6d8f5c6b64502

SHA1
b677a0de88a97f79858647c5d8a0c28d07fad39a

SHA256
a5d538ba3aaf2e7a81b1dab2521eb440a88aff0bba4d091b0c544f8b3194b04b

SHA512
3b75bee6c0bd4661cdfcf9151a397717f095f3ef65a4bb1b3c9dd2702d7d2efc2edbf0405c8543baf41bd9fb6012986c6b21da23957ab8bd211d1ed6bc19ed93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9
Filesize
25KB

MD5
b7acbc2406a7f663f4fbe535b112d734

SHA1
602ffdcae76ca3911638870f244d16ee4522a11c

SHA256
5d3df9af4acbf8773676af0ea887e966bb0f8dcccc6f4f9040d9b6884d3ba51f

SHA512
6b20ee9771a2b9234bcb4ced194b1fe58fae7ae75a3815b740b0b72a9b2a58be77b1ed20b919ea8a9675eb8f708a1b4df37ed8c013549bb85e44118f1362350e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ca
Filesize
19KB

MD5
05c5c53bb92e2cf4391f6af88d499f05

SHA1
95a78e30760a97c10f67e7ab60620d69b39ec6aa

SHA256
6d994566861abee52911e413f1c6e5353549224edabba42bd94c1437dcc33422

SHA512
ce784a0f7ce8b6b7d4c4145c9873b01661a26fea281bd23090bbe623f74da8ca5ae35d961e984d626be316e61e2178dda3ad27c07191f488d23b00b585b22e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb
Filesize
148KB

MD5
54010d8378b1900356075903589bc726

SHA1
2e593d1cded857e3d03c1fd999f023924a254d00

SHA256
8c7a554427bb17f944d1b9e64059e1a500d6bd063a73b84f4951f84b1a6520cc

SHA512
2d1130ac138d11a6d212b2c963efbe4b11219ab21c8e1527dddc8b79b991292e6d0b312175ee6c7d827c8fb5f98565b617f5e8565b8afefa37a2ca0c6ec67227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc
Filesize
49KB

MD5
c42546b9d279a2891f03fa75649e58da

SHA1
914459c6f079c5e616210322917c4185e2c3e75c

SHA256
da62612b80601f2841aa4dc8b7755fec3f78ea48dd9bb8e0762c729264ad8ba0

SHA512
21e4075a5edb6b88fed93cb9f1a28f63687d14816fc8aced44171a1501051ec7ddf8caa09f4b1132b03c24fbb45c3186dffaf829b5c084af7de739dd10524042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd
Filesize
81KB

MD5
96222ec1a3a4153a91d17c236012d016

SHA1
a0efba1b7314d7c485e76cbb3af7d5cf868b607c

SHA256
9737a3ef48b6220cabb17815aa17811e82b549d056301035b58e44350892ec81

SHA512
da77655c6a647e95b459c64d09c4dd1c1203e7898bd7d642d19a32d4350795c5d7f1f6a6bc4de110e79028cede64ffb380175c1b22ee468e735999f63eaf653f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce
Filesize
76KB

MD5
aa9bf4be30ae0aee67f1d453fb9b470b

SHA1
0f1b64544f607ea65dce2423cc244e5fd72844c2

SHA256
efc2c2396aecaec80d4eb49e2837c998cea079318a5fbe4803386ff2f340af9a

SHA512
a7b963c279334bfbdcff243fc0491ccbbbc778532c1c91db18e226ba46586b6360b0daa9eb96213e2e9d075fbd88c307376b3327b6b65ca1dedae56ed5f0b6a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3
Filesize
27KB

MD5
90ead4aec68504cdd9667242ad5aa448

SHA1
d8db374550f2e77e6d46fc8d6fd46c7394aee0a0

SHA256
c4b3ad5f64f58fa685bad360a69f520d9262c0e28ab34fe079e16683a4bb9528

SHA512
96f5119ac56af31bcf57f21e70adaad3e9cbce2ac8c0871a1ff1afec722571a8598959b5a2047c60c7c9164b6064a8fc33003083862da0125343d4cf2afd3d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da
Filesize
29KB

MD5
87c5c9b5aedf9daecbb44869ce8ebedb

SHA1
c9eb6bf13a8f14ae927186fd7698ba7176ecdd61

SHA256
5d2f0d568d0a8b5c8c285be4f258ebd9b39d4327e263848ec1989f9c18990663

SHA512
9ac2b1a8ee033635aa23ebb37e6034c16bd618e8225c40c23fbc295c9841f94082d620f76b91d329c1cbe826425d03db2680865d4383265df5e1c304453b3432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000db
Filesize
26KB

MD5
66b5415b18ee0645a482e6a679de14b9

SHA1
e872d23796c06114f0d06fcff877522db8c99418

SHA256
1cd8a7c5e7fa8e8ec03aad4aca1b60cc72f6babe862e4cbd15885f8ec043e861

SHA512
35323b4466b571a930f793caa63d3ee88f4f643535d7fb8a505d14904b936f20e8ff27917f069e60f636e554ba1068f658595a84c911a758f66679231987218d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e2
Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e3
Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5
Filesize
57KB

MD5
7951997e378ba689ae8fe6679d7c6218

SHA1
def0a90bc5bc21a69258f2998e67a4b607301848

SHA256
d42729c17f21e5d94dfaae882502e5d9f4a9ad6be4425e6a265d2e425f0be5e7

SHA512
ab6955d16319273610a419420ac77caaaada72beef51d0f6efa2baf69cc9bad12dab2a6766147469665891e97b98162c0f5d2a33ae7a4dfeec60995e2694c471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea
Filesize
25KB

MD5
c0bc8b27987cc91734870ecc68f208df

SHA1
8cfbc8cc785ba6be84aab13a0d98b257a1a7773b

SHA256
b0e6e98127392f03527941bfd660a44d64c58f0581892834ea426562f534c04b

SHA512
8f5459a1df35035f0f788b57b5e7fc958016bfd2f61f1f68cb103badfd4971cba031a2e3ee036842eb2177f116347a73704999178db0122de1e57efa509e98f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fd
Filesize
3.4MB

MD5
46bdb27bef607370423917d822645f8b

SHA1
4e1cff98a74a279f72c63d14144b64174d54a8a1

SHA256
ad50bd4a42ecaaa7731c91abcbb9aa87303c97398ee1ad86b9c81ab74b021db5

SHA512
bcbd93fe3b300bd53541df409252a23421e96a5b606d24a1b560eb6a38932f0c84cd97a3ef4e26608a4b77ee9c828e13fc131cb6770793de25aca9d53914a4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d73a9842f7e2ff1_0
Filesize
54KB

MD5
065ccfdcbe66496b8dd9ab2600ca2dd9

SHA1
8a1aee122739f8e4ec1471dc05fc37a845e85d83

SHA256
1e4551dd8df5aff8715d482096ad8014a632698aa75e24db420459834d241eab

SHA512
3f7fc614d7590b37683163cdbd00446cf37aa8aacb27f0ca9aa179222e7e23c6ebc8c85dd0c76e721ea49e8d2c90f4b10a373a66a3302c82b016a20295acb5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ef1bb7c3fda057f_0
Filesize
3KB

MD5
7a41784a66a1f9124ee723329a4f7943

SHA1
7b4ba490a539ccde4c5c5e3907d3c93c9fa4e5cc

SHA256
654d56f93e6a6e690a9fd02be775e967d8ec6b50367437546d6c98b3c2969f97

SHA512
b2c3777b63f53391c5a3c456f021e5408e69b3cf630e1d982b7e729186dc4e2bf2c79512a94a128dabf4cd7519a80e49ec3e9e5f256d3f76a2ad915422f4d133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce1842ed436fe30_0
Filesize
31KB

MD5
cd868bd8a2e9da0464f93d286fbea12e

SHA1
322a01fe799d1a5e2e875892133f1fc5b3ed9600

SHA256
7ef34179d589c7e9798b9d81c2b7496984e1e19343a5201420fcd08e92ddc951

SHA512
2d5dd9c73de7731bc3ee3fcd9a4af7436eff821b7c99ec62b16ee13521780afe932c298146c5405bc5f30374f7763ea3e9aa8d347596c9c717caebd52f57ad4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d2841b54a0b218a_0
Filesize
146KB

MD5
4cd7403207685ca30923becd4144f5ed

SHA1
291ac58d2daf7d452fe2e4846b1d008fc6cb48f1

SHA256
f4ef03bb9be96511ff3f170189afb660b907fc1487ca3aaec4f07709ce5e3c03

SHA512
4732da2ef60a9bbad12e755e1289d23ef43d645d97e3ecd2f85ceea934ebccab8bc6f653bef51e6dbbced746fda29ee1d9b51acbdd0ff2d3728c333ef40a90ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ace8891be2fb1b7_0
Filesize
268B

MD5
2d56fbdd36949156be7eb49fdc64cd1d

SHA1
7428436c627e337d8dc46c0c0807d745642423d8

SHA256
9901dd8d39e662766600f797c1e56de972c68ff3315f7a1417d76978f9aaccce

SHA512
0e3b44ad5843853c91048a3c5883d9a92b4e714d5b8580c8838041eac190d6de78deeea5760bd3898567cae58bacd70a7e32636862df9a98289f37687b23cf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48ce9c2bd190824e_0
Filesize
19KB

MD5
6618450b5ccb98ba21583a9a0e4259ea

SHA1
72f98007d4d00813cf84fa310c116fcce31ea3d7

SHA256
788efbddc3a62c27366a6b15f319e3ec0fbe001256018c3698b5b3bfabfabf87

SHA512
ed1733559fd1cb07a5200a78ffd12ef1f0dab7d126f5918a4ceed89e0392f642c3ceebc71273f09e7b3ec579b52609cff041e872d28290ee0ac7a319b3555917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a77328c44022353_0
Filesize
22KB

MD5
b39d6f40762a81c4afd7de0ad936e3ac

SHA1
3125412e781c666fb54b94f6d157955d1fb3c5d8

SHA256
7a577597f37cb07638e62269ea6bda64570dc0b9ad003520ed8af64d2c5e802d

SHA512
7b08fb414049a06afdcab68e9c96369620f3647a1a8390b93b1c33b339770381ca896938d176110aed5706239665a7299c2946290554486c0e9805286a737257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8eeb64a6ff391922_0
Filesize
339KB

MD5
ded76d09ce06a0982a727bca8b7f5e22

SHA1
2024875aeb9d82ff7e31576e0b7aabf478d06cda

SHA256
abc277d670af6c98b1781dde31149297a6def782e8b5320d9fb43fef68fb5929

SHA512
2c83d639884a5530a15f162157be0e285780c6463ee8a90855d9277ddeec3d6265fe24e168c511053bda6733bf0df3958cc4600b4413e4fa6447a0d2d309e3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9501205598d9a506_0
Filesize
55KB

MD5
b32b66bde23f4e3ed21ffde015710172

SHA1
4cb3c5fdad4862dec8ef0507de75d7ff8af2889c

SHA256
b5de4cc1ea524dd8aa2e8f37eaab1ab8990eeec1c160f829193d9635975be9f4

SHA512
4b1141b08b6066d59f9d84853ac5dd0a9622ec5371d709ea7227502acced5a819897391e2bc0b337deb65c8aa97e7f22e0dcde9a4f06cc40f36bc1213286cc75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac29195a901ecf92_0
Filesize
278B

MD5
6aaf35a4dd02b3c7bbfe2a0a459d5212

SHA1
275ee9fe8b5679687921d4cdd3ba83b3ce1df49d

SHA256
23e7b53495666cb964bbfeb53d26ef3df5d16e1b04bb7c3abf093e3397eb8156

SHA512
18e65e409fd8e8e932d9b04fd81520dc8e41819a2fc404b4492cc7fae971837a492ee93c88d7e0834bd5bd37a9d3653d67744d35aa2f3dbeef40565579786e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\afb45cb62487a0ba_0
Filesize
370KB

MD5
92970a88a6a9814cecb688d21e501b6d

SHA1
5a747fa5ac2128f6e2be15420df9435e37bc39ef

SHA256
81d3beeff923ae597df0f29a3ae7126fe16e3971e18c6660bd788dbdea5d4339

SHA512
537a7882b6bfb137c48924fa4cd5351345ff9bbae827543e134a2e9ee6c7eaf825aaf5349ebd94d8c4aed3b871117f285be3773c0581a930973ec09a77219973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f1597f48bc426_0
Filesize
263B

MD5
2c978b6b2dac30e69b7ed0bfa89050d5

SHA1
c44eed5b6f1236058468cdb54ef1bd3696d8d0e3

SHA256
57fbf2ead3db728a94dc472753e4d372be470c7097c928db263beb183879fd9b

SHA512
dafeb2bc2e57f3141ffbf17ce074250cd464ed9c05149410fe61e2c49a4e57278264460cdc554c9d4b0069df90e431dba656f4513025915dc03583a70b373d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee1ca9dd9ff6a95e_0
Filesize
14KB

MD5
4b7899076dfb3fc7a673c102aef95162

SHA1
e4171be7fa368a3f61fcb7d5c88b240a587b28e2

SHA256
689976a602702f39ea40c5474b5389a98ca1a4aa9cd74fb49444cf001aaff9c0

SHA512
a09b7c7f403887c78c5635db24e1025f1a58ee4739cfdbf62854fe10395d59ca80b0aec5b1b08bcb9949680e9be3ab70c1dab106b4f0eff5350b9a396d5564b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ff8320b4a6561b89_0
Filesize
31KB

MD5
8c1791073ee147261d66056e76d5830f

SHA1
7e880ab2528ad959d79faba54bfa4e216427d902

SHA256
15939a86156312bb08fa67fb466ac56f54aa9577c1c4cb5ca4d95e73a12591a1

SHA512
2133a73e6ff7ed4061a5bc56a8428418aa140a6ec117dcd111283092ad41d1ab7fe74aa43b906a7463f02f063db8eaba2388e9e2cb57b2692ffb241d1758a55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
aea5473f84ddb576c138838b82303ff4

SHA1
4afa0cd2eab4dd641d9e71eeed8a525f8717ce32

SHA256
50c8894d8e4839e08b7e6e71f89501dbb4148217130113eb4a84d3855c76c66a

SHA512
6154965361012869f8d2265746fbc45bc3561a46cd90b4c1f62f8e2a68133230a549d5f0bc32caac2a404f8a72fc37f7a104ce5fb18535657c06d372a0ce329f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e783530f9fda19f8e8c62cc61edf3cdd

SHA1
b258d9a259ca626f568c09f728b2af4950db7b40

SHA256
50dc0b8b2e307a071c9437f106938dc78b0e1e55aeac2866610bb01592370645

SHA512
ebdf1747499393f8f7c645b6cd921a6e2d75ade9b7bed11551c79769db5738fc918af736341d7d7daa42702b9751e583934b8a7cdc42fb1bf417935affcd0c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
11KB

MD5
2d61285c72b8f0c357ca5411a11c5527

SHA1
f34beb2e4ab89b4555983d4ce0319e2c7370c956

SHA256
2666fa20734bcf8e909b404bb40375935c368d3e98c3a143388d699e4564f020

SHA512
b98252f48531b6e1ef9c6a23dc7696bdf8450b7c32209551700fa2cb094d5008447ac3ce940c766bc21bcb3955ec4cca3a496c6f4ed86a0fa520888f961f34f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
48ee8c7fbeb0067eb4ae6df4f2ea569a

SHA1
eaea5eac8cee91943573dbd00321fe1b4c3c2ffa

SHA256
8173a1612cf726265339445a4a9470e0595cb24f89aed2e2599fabef9b982573

SHA512
0a0891a96ad565a0b29e360f0b8f8a52a4cbbd88748e5daea415a254bd880a8993dfe270d98aa4775dca3c3ed17a6f4fd08c372fdb81b327649feb3e1f5265d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2117aad0f5b4ddbb8d7ca3cc437283b5

SHA1
d7d156c7a56fc6a28e5437e94825bd98bb420680

SHA256
697c136d2ab14fca6088356c8584b86baa06f2789a177626da87b4c1040109f8

SHA512
2ff802cc7c3c3e73158b137611026a2318b71baf6a503f7f073927ad71c94ccc2f1b0c9ea9d019965064c4bb0f26fb2fdb4b1df603ebf5f17d5a6624467a1336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
10KB

MD5
b765ec31360cc1ff5e1b6b865daffa3c

SHA1
b6107dc539f3abd39b776ecaf7326af22110d6c4

SHA256
3ec87eaf9e9bd6002c2a98125ddddd114bb66ddb1fc01cb2c46f1861c06e8022

SHA512
0091f9f979ed2d9d6f0ea3fadcb33515b40d8607358e37851392508497070655c79d07a48fa1c9770e6496b7080e448745a914290f59a937b0fd4f9f715a4ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
47570afbc69a7a2ce095a9b8e0491bae

SHA1
123d7418f5be236084076268e2be712730de3e0d

SHA256
03bbd9d94092675d18a378f8b81ef6098cbe8c02825e5471f21b47ecc3c48a94

SHA512
60b91f15865a03adba4b528e7a7ea68a0aafb861e8aafd368d342ac252759a98f1f058dd60f7e7a862a0d9c3eb45b23976549b39bd37aaddfe503f4f68358f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a387aca0c4f93f83ed4f392356829463

SHA1
e82975942229c8fc5628a950593844df2848418c

SHA256
d187693080bc76a936678617912585fc584cc15fc3e7158248385194bd376caa

SHA512
f2b64a558410a3456b518d8afdff1379367f7f38517c4b224f254d593e01b6866906198c6e987f359418ea48f730236c9f2597bfa27d889fc4cfb26467ea47bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
e65d3163d1770950a774c2b860978eb8

SHA1
cff57aa955108fa5a5e05f363125a956ce6d1374

SHA256
b8a32b6d4ed8bafd524a98651264c687b1aa1d26329b1b65b1c5937101dc8818

SHA512
e6dafd65fc334b13e6dacec96724d7072bbe084b4db28422617c0d7e795c4c677d197cce3d390850a8f603df50cc864887eeee9bbdb76c2c4988727437a96905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\icons\100.png
Filesize
7KB

MD5
9a772056e233a81fc8a421f3e6d38dcf

SHA1
cbae245a20882df29bad10d6ea333bd163c256f5

SHA256
3eb0dfb48cc60115c0807068b56a6d729fd466d6ef1e41d543936e16190da46b

SHA512
17cbd3ee66f4d84a64bdc36d8fdd8bec98c40a55ea4bbe8aa8e04fc8ff246f3c8208a3277b9523ae2e18e81ab3558544ee23192baece2e4f7adb27faaded6bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\icons\128.png
Filesize
17KB

MD5
3b62650bde3bff048ea279e3add6839f

SHA1
f69ac3746961b6c0d808f544626910367ee3ad78

SHA256
258cffa6aef7cd45689132581ac9c4744b5ed0ffdffba60e72adf74ab514cfe3

SHA512
88078954f0b47ea531a25472a5b0f6e5aac3d9453713daa0c9be45630bdd0afbbc9b772d596962514b77f983b91d770bfef58f96a3f74f58ae13ee80eb3edede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\icons\144.png
Filesize
16KB

MD5
38bec1276054a96541d51bf3cbaff9ad

SHA1
43cfc570f6eaac987b24b88c2898f1c8ccd2db33

SHA256
4e7758577d3d9981795a24fa7554be0e1c277ac6f320d1f83c6abf41f5e3d278

SHA512
1700e73b5f8a74bfaadd3722791d6c1971a54551318040dbae422a7c9b57da8756eaa0590b890d5baaba1fb713027b5e6c4c11a783e88d3c4ca414e6543a79d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\icons\32.png
Filesize
2KB

MD5
dfa875244ac641719042549ace63858e

SHA1
bca738e8b5a2b5a9ba1aa8bfdc9cd7d0abb1c411

SHA256
9d61000fe50a3711a43092686af9b63e253714e9155415733cca11fe8ade1bfb

SHA512
e5702228f8bdc776ce7e281420aa24d8263466b79f593781b74a7145859929331852b595e184b4c99dfcddbc6e13c5d352f12677b4234b3db3aecacb6c762407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\icons\48.png
Filesize
4KB

MD5
515681967bd9302685a866c3582284b8

SHA1
8fc12bec9af2a76cb7301a40f8d93957af772091

SHA256
389c06dee8c804d4bac764465b9b855ea7398f0031e2bdb0f857978332585a8a

SHA512
e6836e5d1329c9b3deb3fef39c02a70e03f7be892340de0f1d27f541151432c809af04c752bba5a15bf9f89fb5d339c74ab0eaecaef011455fc1fd9d192e2c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\icons\64.png
Filesize
6KB

MD5
3516e781316ba56f34e1b8fdc90489d5

SHA1
b024c093d17d6d98a3fed2645f0a30bfbc33068b

SHA256
4c2ca8539951d7cc252ba437ddb1f88be03a58fe89ee3c6e0dfb1abe3e8c0767

SHA512
4cf87b4f1357336da86a0439853d4704419e805abaef5b63aad633c87847548d1c74692791a29b0448af1081057e507990deb2b74d3221abd5f26b62b6aabff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\icons\96.png
Filesize
11KB

MD5
ed2821c788e5b5ffffeff2530565a692

SHA1
5142f7fc406468860115c4de34f5a858d2293529

SHA256
9edd74d24debdca680c03e86fcd60da09547358bef72969c95a96009fcd32a08

SHA512
21f75c98357c956fff75b4947aa2d17a38e530bb5f5bb226b28ef43c34173d1d5f785f5927bed78cadba7f243871ca7fa3b0cc55ae9bb3c4d6b2edbd4a115f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4476_921174508\manifest.json
Filesize
1KB

MD5
01460daa615149e2217a041e6e283041

SHA1
47d3077c267d902ceeb25f5ff26eaa4c19322855

SHA256
371421439856875309856d50d0bbba2e4ce49074d4fda60320e6981030d18547

SHA512
4d66ec99e43c003911a5ffd4662969e42154c1ad3fed9a135e49bb67f9a0e14679f6cf9fef75b54832f8add0eff71f899287a42b0b19d64706f9ef479eee995d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
7aefe0205919b94bea5815fcae07c90d

SHA1
bb53d46aa15553e906239d7ccb88190293c88f36

SHA256
f247e8ccf7300a1df6d9477327530aeb6adfc1e60d529a8888f1117e188e7f78

SHA512
028305b246efebd99b57a64c439265144657f566f3ad6452d159eec48c07b672a02018ec35f6ca18c1474350c82396381f539de8d60ccfd3aa5a9720dacd9d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
2eec1e9dd3d7bb9150a6efbbf6c7ac3a

SHA1
2d9d9cdfa9ae4ef7f073681cb88ebff83f8df2f2

SHA256
6fd030cf853ec655dd04168e35ba51d8f888bb934017679f1940ed8f34f30ac1

SHA512
95d0949f193b5109a208aeba8cc33937bc2a9b429b4f14e000c1f622c9eb7349e52793bea9d232d067d0dd0d50e800dac2b1f651a401b69f9200db6c21483c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
4bd71c095124dd85128e1a8dd1ff40b3

SHA1
c76764f18b21384a741f97ebcf913d8a27c6704b

SHA256
50e90838ceab43b3c1d3d61d89876102e6b3551c325b026211ba94da5c3c6d0f

SHA512
2ba64d80eb0547ad88ccca70401a677db3bd1da5842a96bb0dff0dd7a673fb9a6510b67f6d26003e5ecf05ff2556d5d3fa3aa493b1a6a0736c92d01196384ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
22KB

MD5
1cef19e5c4d0574eb522503c94c99b28

SHA1
f87e3a76ac76ea61be2fa94570e33b2324f1dd31

SHA256
91851123de7dc27f6ecb26a7585d719d71fa0f2d1a70a690b47c53b04e91d429

SHA512
23af20859da17a4e2981e48da104a07015cc10cdacd0ff57dc02f3d5444c87b3798b8a2f3c88fd60c7a823347bc268579368c8a8f9a4711f84c674501d6c0eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
d6969f981e98ea692daa20d338e8820c

SHA1
28d7ea22ba17e2edde8651867fbab5a0cf5e5dd4

SHA256
aff370e4160777211cb322b2caaef33487c248d1755af09e1365880a07f4abb9

SHA512
5e1077e766fd9680960f933fb32ea1cd776bff36a62e1231b3e661f8ccf1d8cae4d29e0a61ee920855456cc73a20d04f060221b46e3646524296c23b41180472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
14KB

MD5
32605e57fe29bbc0391833305dd0ded4

SHA1
86a821fdcb0024682fdcf92817892c3a2cb30b9f

SHA256
fac80f1698a4b2777e5a633ab547a2b18aa5d91e32320defc706ef5d806a51cc

SHA512
e9e71ed9f22f909541bbf509db33cd823b64e2e61ceafd26d9b3706095c7c95dcc41e8e3f196c9f05040205e3c75e655153d97bcc469be0bd4de36859fa32c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
7be4e82d96adc4399540bf7b44f4db64

SHA1
43b103f54053a92805daa326e338056003bd8736

SHA256
bb4eead97a1cb9a5de956d0f70d7612b48879d5877846335b14637dc09f97490

SHA512
9261f6c7ff10046df1035a28af1f5914a1bc2f2d4c2d2be905129da60bd181764266e626ab404c4d5ae7aac2243d24f853bf20c2c15c9c4c97f45fa6601cce64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
18f56e30e304aa72dd211083fe87b449

SHA1
20fbb0ce58a3c4262eae44524157f52fdbbb3550

SHA256
b0ac7a4be876553170628904297840a77049d0dfef4249ec930a237a3f7cd571

SHA512
41e73197647d97872458b974d754aacb228a8df58fde4023bd2fd0576d216bafeb1f8df7cae9d2ffc8afbc82217933e85a67c5a3125c283fbd4cff64ce9ebd62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
794772d69b33e0c926efdb6e459dd288

SHA1
a9539415ac18a008dcc5733cb71e1eadf90f09f5

SHA256
04ca6925ebd70c1c24ed9ab8c305c49f3a3f0a6c1be41fa4f085cd36f00b97ab

SHA512
6eef7b37561e957c9f6fb48f0596e14d773b02db3ed9b44948811f35162e293ccec1343e382221d7b65bb2e4a2905192f108dca526f731d6e42b3ef3b32af78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
879cad5d508fee71838d114b2e38ef8c

SHA1
cf710afd8ddea2831a05aa92c2d536968ff024f5

SHA256
e4537a50dbb54aa50c50533a2a14b76c7639edca16651ff4f2e75314e0fe5aad

SHA512
126b6f168530198c5276d4bc965f116c136dc5b076b300d8b14ec06968a420b6277a90d3f54c268453d66dbf42ad324f2c2321c797a80797ada228d597f89909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
ff6058573fa0c031a1347039a717b31d

SHA1
01808f44b78842a408aab6118f8889bf2a0a8c11

SHA256
33c46e4a7e71fb1e1c558489ca4cd7ed3dba2d53b6752aa598946a0cc8922c04

SHA512
50812af881779937d20604040a9417cfbae3f1ae08cdbce1b6191cb85c44a0a09218ae1a8fd7678c8626e5872b7f6fa36261f5650ea80a4a8635c519c108b708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
3961a28e9bfa97ffd52f8a3537c0acf5

SHA1
63ed2fd4586c46d7f615147cff34b910dc6a87f3

SHA256
8d36a64d2f114c202a40401aa3a7fff873ab8f78ad17a61d0745503f0373d0a8

SHA512
508d7f431370aa3b342b4d47f46bfcc1f60983db1712183f50ebb35f1f27019ec5bc4675b3cb8b4edfa9987e94dd28f900c251629577bd2bc166935f8a3194c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
63646e8c6917fe18ba70c5cf52604e65

SHA1
8be152986bd5099a017fcabedd05e8fa77ddc2b4

SHA256
0154262538091c6cd92a6a18a9c850896f47e66c2e773413e512306083806d17

SHA512
09aac8b87640b18805abfe580afff8c324cc4bba28b466743789187aaf8f69b6f1d6882670426a20fc82b26617c99e73e7c177c49f2cfc1ce8910ba62617c4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
21KB

MD5
dda1db6995031a52fb76ce784a2aff76

SHA1
7b7b54eab1cd59d8c28bd589a42e89672c19ab72

SHA256
d0ca75d9b4b6d204046e7d3df2b622adb042d62633bc9bbe425ff14824c25041

SHA512
13d38a188da6d982956710f4b5b11d2a2879315f7494e158417c2fa59ee9c4ba5c14c218a2990b7fdab23ffc9429ed9a12fc147e6333a66068c6bb2eb6207ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
22KB

MD5
e939755989a5196ae93231e956d32566

SHA1
e920297cbbaf7951e825d913fd00158be8454dff

SHA256
22d0a49637932515523c9dbf3fb699b815f55dd6c91b0229f6b03b0b3ec3f791

SHA512
cddc1c2e6c818dff25462df7b541c04727f8702dd20a310343243f91636c03be1af20bc2178cd6d89316926049269eeeefbdf93f6b93d4c07d457d1453d8d168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
92e1ccbde79b4a0062069701a0558890

SHA1
6da5ea8b86a6856d4f8b80e79a36151c077eb4df

SHA256
dd5ac845177ebd4ae06eec05f469448ee7f73fda2023f473e23adb8584d45522

SHA512
bd46b72b31d633e005e2344a337728a8240c562e12d1fe54a3218665b3c2312533c93f1b3d22d71d12d0e2b4c807a0ef74d47b49173d8b15c7d2b23fcc87d68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8c535ecd32f4ca749d31fdb39e8512f8

SHA1
32e15dc3b89521f2011ae1d9c53817d632596666

SHA256
0984babc376c434161defb3535046a7a7c78e40a644857aa26917a27a86bbddd

SHA512
a211db425e8a1d360fe3aa95cfcf234452d6b92ffe21674499a75f213bdf6fa49f2ff1a2a4589a74049056d1348263f7ed328c4ae881ab6475fdcf24ccceeb17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0fabbd0810d33273df6f3f0a9974dd5f

SHA1
567f2d6b722248a424dd63c85eee70fd0965e55a

SHA256
5a60dce73a78e74835fbfd9acd53f310f9f01501694367e82eaf5939189cfa43

SHA512
f9341381bff7bb502ad1ad22788033c3318217e05733bc9deb312a4e88378039dbc39165c3fa4e0b2b4577684b56568db2790cd1fe529683ddb6b3cf9e5eb02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
cc474ccceb2c96a9e22739074369ec20

SHA1
47dd594e9251652659f14860304dcfc4519ea80d

SHA256
e445642e405ed246841ca190884b4b5a5dc93eadc4571c2aa85f33ad3cec93ca

SHA512
d2cbf00cfe8d00feabef4b702ad766729b0be39e1f4d520f501add0c593f0c4a858fe87c854962ea7945d78f6249aff3b5bf09e0debc1eced9c80c9cc0da442e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9987c0ee4616415cf6c5167a4bd0e1c3

SHA1
150435dd3a0eaaa5f23bc67714e78cee3413e17f

SHA256
c7f3cf063fd4e299879dac8190c096ca3c3ccb9ea9d2ed49d13d3b4e9ff3b5df

SHA512
1af1a68d86e9b96188b348fbef66a8c7f025cb870a51bb99bdd6bf728cdd04991b07eeea55102dc2ecb67906e8b8578cf458584d6d2cb08a42d151261d316ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
46d7a2912af4e71849facbc52c64634b

SHA1
b2d10b7cbe2fb9fd8e49a3c0dbb8ce8e219d16d7

SHA256
1200c5defde8fae1d28a495855e17f5272e7e7b3eb0d6af20f85b43bf90703e4

SHA512
5b79bd0914f47f9abc55ca09ad30e9439b2452a88a7053ebf94d77fc5c1fdfc622b97be078ac4220284cd4256ca10beed9201e778a80c8f266f469c7cd5d24f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
f0d7938e1972ed4a068b6a46b98b56b3

SHA1
13cf4e70d2bbf804925a6fa99481eab0ac5c6da7

SHA256
de685b43712854cba56ff5a70da0a17fffdfbabd1205ebcd17f6a3eca31deb26

SHA512
987052d8c16f6c991c323e8c2dee6661bac7fd1b71356ba77887ab8536af41539a8e2e2ab59bac699cd20980b6cca39b6c7822fad375e29223a4225d47c42ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5a0ca995e18cad47c97ed67930f0a94a

SHA1
43e06967ea324dc0b8ee524fdac55bfe0f765a9c

SHA256
0dc2c23367d68196281921c21bcb50201209484939b4b5c60ae286c23523e5d8

SHA512
f1b234e893c93797e4cea94402c23b12f26427b2d1f3d0f7c03b362c1985df97753dfd2c9fa8ca357ba1e160feb08aa0f28dd480c7ac37a76ccd90c3eb8d979d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
4f0a7c9abd52d6104eb39f2a62eefe31

SHA1
10c6421d3afc8699b2c97dc50569679e90965458

SHA256
f1a1cef659a44f517aa93e03e2c696e2bfc64289772f5b5740d813de9e955e10

SHA512
17515072a39fdd5934287eb0280c42e18603ad0fc5ad6722aa5adae5cb7cd9156bc49178aa5efd7b7c8a87d54eb18305dfe20cfc1ac4be9cbf59e2ba22d467fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
8f5f672df59430e86ed0ccc702f84b2e

SHA1
2671238e5cb0bb48e53769302815b484c2c08da2

SHA256
d573055133140db5adcc9be1ace1b6664194db66bde8e78a8611fa9f0ffa30de

SHA512
1b0b2624eb69f2ba6db8f64187820cff16375e34490d001740919bce81d6a6ba90086c53355c9bf7467f0d1718d1aa73267acf9b3d944c3d46394302e4f2b3f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
675efcb6a72a0ae9afafd51ac89206fe

SHA1
5117d049d5f87eca2455232023c9b2ae32f223f3

SHA256
091e80968347b8dae81ed6abbbe5c1797ff468990e71c57adf6162c32a8010a6

SHA512
4c77ae6c2e32ac66bfa2485e158f7e33db08bd2d2118c1f40997ee8443562ae21f1689a3d9ce6221314353f1315441203d8d0aaa646c16bafda4ff8d36dc7aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
73b1d1bdfe867e46b92a7d87975df830

SHA1
9d4b025204bea1fafb25ffb0e79a3c1f8b0a8898

SHA256
be38d3fed1a8db101427bc74bd44906ef3b50f7773df3ce12f65158465ae0cd1

SHA512
32c0ebffc442341150cc2e24322e748caa885ac6a4d758e82f32a229714b96958d5ea83584b2e693c43b65a9668550e2fd2392843cd321d77b782d98529cfca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
9abcfaa4406e71b89bfd5059a3446544

SHA1
060cacffd5ccaaa1932bdc002d42314a523ec708

SHA256
36ed8ded22e3a37abec1c1fb2dcaf1cf77c692aeb1b4a7436846edff9d4c06c0

SHA512
65223381da9855fd14f545d5d076b554cd546743f910bb2d6756202f00a8a5d5787b976047fef71f3c8760b2cd52d13ce6a7215ab0bd4e2bf2a6c0eb40fb8f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
27KB

MD5
572447e84bfb0f0287dbe9f8a5f0dc34

SHA1
62d2506c23dfd4262150abdba47f1c94b5ffabae

SHA256
46d43e6e492b03391b460c30670ed4434575a0329dc728b25ff23d93960e8048

SHA512
3d84dbedf5d21901067f53dbe441395581a64e1ebbfd77bbbeab8c23c0fd9f7a39057f1d10d20169c46e8b937bbcf75e0b231ebf2417d8131e53e8656325be51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9f9af25249cb785f7ccbef0264e75870

SHA1
376bcf118627f991cb3fe1576d83dab6d467ad90

SHA256
99c10ab72b39fc7d7db80dbb74da4891f8de7c43c2edd4f54515d6df08537a85

SHA512
bba3d48e5917d99fa0c953428b80256802434de3cbd44aecc29461cf9eaea1374f9493b50f8d9a52589140a394acd9b10530cd53a93962fbdb6384853bf825e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0ec080db1175756eca0772666978f37e

SHA1
669ceda3dc34b8e00e56ef8804da4681698ae69a

SHA256
8e11ef4798c14a72ea2b9d1b09afb580cb63a94f53c46320d388f3719d710507

SHA512
7e26ea78f9804f3aa1141978a10f0b9523debf76c6765850c9c13df25c07b084d90fbcfb5b93411dc6a62bb6ed341603eefe3b6d9d4941545446daa8c278f16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
8f4b466736b7c6eab233a5ad5758ef45

SHA1
d7a8b47cf515e7fc6f0fec480518e466f67eb646

SHA256
2503b99fc8926fef5f4a93f32ba1ac90eebb6ff39ba9fa7c2293326cfaaeb672

SHA512
cc729c26ea381aa2fc1a5dbdd0776cb21e1a54ab08f69273c7e7caadacba850fa6f3c648b076624a21f0c97f41357c49986e86a4b5710857c88c9915667ae805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
abc180872ce7666ca2962382fdc6491e

SHA1
a06c5c4cf4e257bd3cf168ae56179e3ddd8fcef1

SHA256
77d81a13c4ed3ff0eeb929dcec6121860f575a07af2f8fe34d29fae3cdf363df

SHA512
5a70f64bd30ebb28a0c3654bf9c7bdea0e634f611785e0314c924109017d883b057850a14e8d00d549c4c4a505eb6a47aaa8cbfd66e6d923b9193c0c72780d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
6445e6ed8b0f12a1bd47570f596c9b77

SHA1
489fbb8524b658422de4b7179aef20efa0564bb0

SHA256
cbae9270805b655da02cfd19d56570d08d5e9009b87e6a1c7a53de968297ed91

SHA512
856c5638eb1a9e251508093d6de0989b131752d7e7d9a2139bef15aed2a49d91a46af0b9118122ac2bf1b8aadd0a5ee84c429d96e3776e36d0c6b8462b16c3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
ba05260e90ae260f852ca09f7e5022bc

SHA1
aceb677a108b23cd6ffd780d0bd577cf53682167

SHA256
ac84b6b5634c91e0f006ed66322cb6766644a07a55b52ed62ba2b652fface20b

SHA512
9752658fca0085113c8286f5f6ca67fda364379cd32e1ba42cae4f01634a4bfdb2d0a0da3f3543245cf8582bbf8bc58704df143f70b6da6e824491406333ad7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
ca7ade127cbfabb7c2789840d0eb367a

SHA1
7af4c585a5350cf68a3805ca155cde0d0ab9eaec

SHA256
0eb994447f36119f5909fea81212bdc85ebf2356bc388b27f34c9826544c4a1a

SHA512
dabc15f9033856bab5dd883862e8e4acd2b1217501904906f795a199cb7cffd8cfc2f06038cb6fc90754948038133dd7ed1faf37d670659056e8b0347a17ae89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
ab571a7c8074f455a58b25a63993afac

SHA1
a0b5f3982f676b2407d40f89732aa9fe09b1f23c

SHA256
4f8b1141921b15cb4be737f4f726d1282e561198688ed766ac51f49fa80b631c

SHA512
497c84fc048b6a6068d486f1b9048910a35d6f93097955337f72a8e032fce5011d152c0c0f5652fb82ee7d08cb915edec788e3860a3a713d0f0da553508bc829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
66ebe854476cc8be5bfb31b50dffd77e

SHA1
9c3d6dffa24a6b02229efd56cc3d262e227b8e7b

SHA256
171c644912c530d8b32675ca3dbc8190d5763f55b92f8ef4f7e86f71d4119d3a

SHA512
289298fddcae7753f8d473fadf80c1a1738bb5ba839468203402858fd4d7a154ae53949ace2162819da886a5bdd2115515fc11663b7c039ccfe1965122591023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
321ab84b36996ef90c6d124137c0f4e7

SHA1
e66926cae7830e8fcd356e365d55bc90b5968ef6

SHA256
de47c4d7c709e606eba8f2340732f105e60518b2a3f780608774a059564c9960

SHA512
a9276663e5bed396fc002f38b0fb1ae986ea8c288d164e1bd75f50b1b68a5f615cdd798368d50d32d476e60ef967890836dac8809a14d1c675e2c7aef159f4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
f52211944af471c4fd0ca78ba04b94d9

SHA1
7225f332f60908f1f6d3ef175c96f9f9758db748

SHA256
9199b7b1af9f8e5ad3bfa24821579692003738e21799a8fae2a757ab3f1997e7

SHA512
995d87c3b3d3544620c565e6dff3519b279f01291d1d4513dbe6509691b0b27a794d00a80d6da58c38fb8ddbc1bd0efd2d2ec28c4f39a214656d4a12351ad8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
3af11f581f58af8608477dfdc26ed861

SHA1
e266f0000161e857fd6c183f8bfd78668e655383

SHA256
c10c84b02fc161b3ecc9c7096dc59bc21df56c8b9bc5e37a7bb0638088dba2a4

SHA512
327977c0e76ec9e24347f6ab61f91d1989252ff8abce533f34e3bc52d0c21dd48348a3e648f99f0f5296de383ec7c8c81e6e92266f8024f851a0508d88dbeab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
30adea79028b7f3e7df1e395b99b44b2

SHA1
d34149cea4906c3125fa4c9c97cd97982080541e

SHA256
426a61713c6caf4a416de3f3472ae9725f982be01f73d8d97b3f1d5b25043e83

SHA512
155522968010fe6d5acf63787a523cd6d444f6dbcebd3683be66930c996bb6990a9ce95d85fc793c1ec04f206c789f773d957f956c8e0221c50bff987a8ac85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
74bb1ee5bd8ae81cbdbab8332369c16b

SHA1
7e4dd960c13afaa3ab021dde51441ade43a51d67

SHA256
0bc537b9794afe23b2c2f353baa01112794214ed7ef367e4144bdee787c6d934

SHA512
3b47e610102f4ab53f430f594b3f591c348efc8ec6ad0f3b035322f006218a0f2a0f4901a28d59a01e018bea7278b259992201a03719375fbfdedd555f7ada6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e5e2.TMP
Filesize
703B

MD5
27921a23cd7ef4805358072f171395f5

SHA1
966529b2750936ea965b987939dd94563d337bc4

SHA256
36a32d5bea6e4c692c9031d4eb230a3d43c297a383056e54c3da86a59137e82f

SHA512
4ae997d94a35cb6bd51c68a2e497b06764fb05ece2e77daf8823db0262696b30e5aab3b6b86fb2794dc7702dac8e576810db4fa55df25db5089f0482a1db64d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\Temp\scoped_dir4476_1477900559\Icons\256.png
Filesize
49KB

MD5
91e3549a0e35c2746aea93bc019d5a08

SHA1
2567ee91adf454c3d59cd91178127c39397371d4

SHA256
b62d78e5f4885e97c99656c7d8bd177a5bf61df516ce539b9e09e0050954af2f

SHA512
1f5894501a1073e4982ea544884cbdf9bddeec5744aa182aceed6a573acef5dc2875f9b49577815d77eee5ba81accc490a9cfbab4aba0d0f44192ef0679bd581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
7660b6a317975bbfb017db22f6804741

SHA1
52f262d6ebab82de4fe8f212a6b50f7f0ce3e4af

SHA256
608e77a6b04c66b726f482ca3805c214c28c6e0f34d903f42c213c1d26e5dea3

SHA512
2161eb5a6675e2af6d0c019419ff6af65f5dd6a82bf8e8d6d3a0ef4adea9815b1548cae74e33b3c03c78d435b56bd90342c30b6653595683262b72d495e11ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
aa5557e45ee8e42525ba75c416f2cb6d

SHA1
15414474cc94959a77b10d65cd39ed71b06ea97e

SHA256
120e211fd6df07999261bc9bf977beb6fe7ced39c5c02cefebf999045f1d592d

SHA512
ac3794e2de0d4faf66be7a3afd2ad372c54a0ac56054e540e8e21393d4ee492334ff01ddc1d4d3a1e7b52afaafe80b9bdc9e1b91f6eead5e513cc7d66be32950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c7a1288c948f87ddebd5aaac04dc45fb

SHA1
e51f908e34d3875b59c1119fba1186fdbc80f559

SHA256
07337e51f7e0929cdb130b038de7767b269578cb4e7af8009176d4d95811ec54

SHA512
7902ecade9c581f4ff7eecdcfc29a5d0c65b028bda2f531c80a4129ec6c69b236727e4c2b18a1017356a7eca9e9cd4ccdf5d46ca17b2ded1912c3d3bfae4aff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a7122dd6653263bf07b179bfea858519

SHA1
18a603753a8447198826c17880190507fc090105

SHA256
9d7d7cfc0c6b63deec972eba673f8c72a5c6c21705dc7d701973a4b94f9f3176

SHA512
9699a8c7d273ed840e9721b3a456f17190062d888f25fc50f3fa6191c78201a2cd4bf1e4899bb64572d0f4f8c9ac7cb334e44581d2471400a1f122531aaffeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7844133da4dca7ce66508bf79851b139

SHA1
42e161513ae9090fcb6a52592fd7bb01ed8493e8

SHA256
af65cb744ef301915cc1914c4e9a7c1d75e5cc43d5d697668a810ad056723772

SHA512
9f7b4eb04e3eae4973ea208d323329678b911ff76cf272b46f45d4c3beab28b5b0a950278e61027918f51a921d884877728a6ac5134044c842a5b5ed3aaa7be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fce139c8627ae29e8f74e4462466dcf4

SHA1
91a93ce596677381d9753235a321b99000f771f5

SHA256
00e67aa5b9b0bdd6d3b16a2f914742aa450e967c75fe7b984deed3aaecee33a7

SHA512
daa26ed98025896d89eb642e363f7b9ff69ac1e0e41aa02785d5533a53117c1e80b7adddfcfc03a1aa5a4840a96e795dbbda9da36977a66e73f9fbdb0ed43d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ca0355e185ca764bda15ebd422509527

SHA1
396d065d128e11338c99b4dda8fdc02af3c9fb42

SHA256
c4253e99635743e439bd62b7c4706bcd0ef53002f8931d247b351e6be6bdc328

SHA512
5704f4dea912455a2b72baa2249c75ff2c6025907a2902a7817378f61a089ee6467983a3ba2f5a98593d4f821c6a25f4143b36cd043cfa6426edbc9be4b3f417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cd0a3daf658a311f11f30f3027545f83

SHA1
764e94a05ed990ce39809c9a15f2241acb33a773

SHA256
3a8e45457a742d98df1f1a509b7f89db42e452fb337aef13a32b8a05d67890b5

SHA512
74a83d9d1a674d2416cdc9bcff0aeacb09e479d9dc5457db4f8f4184b0c4b1cd68d7359b770b6819e0b4ba7d1b26c1f31a5a7ba0bbc69af3e3e34f4c71636ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
2445f0588aa97d32b7d93852f566586c

SHA1
27099a4c8b7aee98141d37d76735545e6a70ff39

SHA256
5b9f45e5b5b0371cc21e48f6e2157567b7b329e8a7a25e12889130e2b78647e3

SHA512
7846e1bebab510f0d75607efe605fab42d7b5daa54b6331341913b6c0b2f0689add6ae96386c646a2d38ba65df8f32164ec5e474fbb41800bff465115b86163f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
e51b4f83261ea0a6e7ebfb1346bb9c42

SHA1
8adc73f006081c82e2373c799fe362b734efaa9d

SHA256
ba5a3df3e419419b4dffc353e6efa3050d2f3b711a43a8d839a8211257b651e9

SHA512
b7b6e54ddba6d7e48ce2dab6b7c2686de9947703e29f561f2d5d638058a153f5b320e29a9bbc6bfa4ed1381710c408cea88107bd4cc321bc6d01476b82b28050

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\activity-stream.discovery_stream.json
Filesize
18KB

MD5
31092c178099d0c5f57169782305ca3c

SHA1
be6686942433430c50169ec0f184b8a68fff4d6b

SHA256
807c01ac6512181334bdb1b572c71957fcb381ed25f01749e79e0ff0e90e85d8

SHA512
ab4015e405ba33f7a0fbc4a665d4f8309ef745d3b3e8ffe5f8e5142d938e11486804f5a207c6c2945d972c15013d818da4876aaba57388f9d4045aa621a9f8af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
03e0ffc08391c41ec8a1bb899227da43

SHA1
2066767564e5b67640fc1048fbc628c5aa42092b

SHA256
fd94d2da0765c4e277ccb13fb329acda6380df5a5cbcc2e6ab96448aaa4bf00d

SHA512
5b6057346fb3dfc06e120a3203e9bb3c36cd98bec6239b25624eec084df964ced314ef70455d43a11383b83554cbc086dff98512007f8305fb912204529166ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
378e30c25e19db4d780ee96e6ec69627

SHA1
3f844bbbe40bd1e715ebb3464873c49732b09fe7

SHA256
33e4bd49d69c43733a6321355bbd61efaeac6fc82a0ad68d9330e2d14bde5445

SHA512
c44c1a7a58eb1eaa02def1c5427596b8d131c5c2f31085d1ee0cd1f7029cc9d4ad171596678e2f6dd07fcb124e011c695ee063f5489db5396f64d0761fe49420

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
15KB

MD5
0f4c327bb11224bc46aca2b76cd9805d

SHA1
d0fe38ae218f78a3373006cf6d02c36b18cd8cc9

SHA256
963aeaa4201d477cf1ddbab89e0b8f6fa656cfe0814478c510d0746e3aa6aeeb

SHA512
4d9e52e0f4f6c678ce5c8d249821b4fc1850a198292db4cda72d46fcf273bdfb9e2aa00252867e72b4f8a94f3b8acad86289bf81e10e4cf41be50bbdf86aaf76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\startupCache\scriptCache-child.bin
Filesize
486KB

MD5
182245e2424abb1498c41041be3c7716

SHA1
324e21d1e74adbb55071c9df79892aece754fbeb

SHA256
42ff48fd0bc943147ca7ab52d3b46d1beeef06aaec775c33e302effdda976506

SHA512
f28def2b4ce4b8e5ca627904589717d3d5f9643b90cddcb979475c02d25a97cc30818e0c36184c8d83c3b74624a2e3f0745dddca67a0e7c37314baa86ebfb885

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\startupCache\scriptCache.bin
Filesize
8.9MB

MD5
fda198d14d840f092094e02d3bacdea0

SHA1
d545e3b63d04235041758ad2aca007a3c311a34a

SHA256
0bb11f3864d7507365a988f493540df7919432cc96ce482b2868d6ef3b279893

SHA512
18beb7497fe45fd84f6b149ebdae43d53e39c729424225d48cffe23ce25ac5ce42693118cef96a7ba86223367d91c0e29eeab124f5e5a7b95dd4adadd874af23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
ea38161ee44e2a8533ecc7b1df3ada7a

SHA1
178fa36602ebd5b79e461498310bdc8e981850ec

SHA256
9a231564d62d84234da24a997ca06c6b0b74bb83432f90c5fda4b4d676adb06d

SHA512
01731dc9e946fa0f9e2d13077833d06f0a6beeb82c808144f2dc9732498864c4de5471bd6be09efce4d2a4af5dd1ff3f63cf063dcf992c22a63ce835e03e5bea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\startupCache\webext.sc.lz4
Filesize
107KB

MD5
2ac12afda4798dcd6e7564313da8557e

SHA1
6b0831ef0a91eedc4a4aaddb3de7c80b0532a122

SHA256
c80ab5f4774bfe83658ccc99580a2380678628b703d61615137ee07eae20ff19

SHA512
5cde4c81653549feb5f5821b7d057ea21ed203233a1db15e7dee4162f442ddd60a42008cd679272e7f3cd30f6b18dce6a7a3dcab4a90c595c4b4459b715da26f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
21aa5cd409c26df0f9d85fd262f72f84

SHA1
64c02f42a4b598f8a85c507717f4f644324ae594

SHA256
f92207990cba274f6c7a3b8571ebc51bef3fd11369a8a83849379df39ada3f78

SHA512
84d2b7448dd50f2410ff0b0757e981b0d67e43a6e4b610a20479235f119d5a76b28319ce40df54ed79160bcc34deb6c150ecfd134ba0dd59947e871cfa2fce07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\AlternateServices.bin
Filesize
6KB

MD5
b66d522df528ebf827df544503319d10

SHA1
0170681a2a25b04557c09a4fa3ed3eb922d232b4

SHA256
a937531da6bfc6aaf222a0664271b9990e528b5a61db11a51dcc787e91e2a752

SHA512
66b00bcec4f0a1d10aeaa7edafff3c76f97004d782a9b225cc6a0d8af9cde6657f1745d0342c4d51f78c6ed5229cf1b0c48cd474991feec7563caca304d4b4ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\SiteSecurityServiceState.bin
Filesize
858B

MD5
b201d21e79a62d4b2746c0e505d41c41

SHA1
256de44ad838e3ccab09720516fc7a163a516edf

SHA256
3a75a889c45abac1b0ddf3830b56c95ee03bea55a117232896e2a9b59851a6f1

SHA512
7604b8bdc2eb1f4ae3328b1001f307cdf027d74fe60491f04a7ad1ed2a8f066b7a698007275e6d7c693dfcbaaec62ab622051fea44c98762ad21e19c9991fe81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.bin
Filesize
17KB

MD5
b7f7138027c970e1313585097de07f55

SHA1
b22af275fbec002f76645c8d9c95106b5cb9efd1

SHA256
21c841249f551bf6c20bbcaac222bd619b7e2fd6dc8a64ea6741a2ee2689f6cb

SHA512
fbcb31e938f25955d4d5e251d96c05bb75f8b0c36d70b0b361dfacbe3b06bf25a6d2dc6be8f6d833a6c4ca11d2ce39c078b86c62bf26ec8f052ba619c9859d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB

MD5
4a30d2ffc1a9fe5e1150ede27ce16ec1

SHA1
699c5a6362b7295ffca66dd9af6b973db4453cfa

SHA256
0f368c4ffd9cb75ee1b38bcebec3c3a7d52263375554d8c6b2dd38cbebdc174b

SHA512
d432d6c52498996b5b89bd366d80a92d4f4b7904cad8afd6ada77a8bd6f6201656d01883663f1d774bf569d1cc1995fef00461f2a2c20cd42526db150eedde3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp
Filesize
17KB

MD5
3fd087fbb5aa8c146ec0b27a42849c73

SHA1
6e6623cdd364cc281f9535c1f86fe3db0b598fbf

SHA256
d1c883cacfc5677adda572705b0056eb188b94c8659478e15891a77666a3a5b6

SHA512
f94138f0d6a8932f7ad0eb3836dc141a4edc16f2d4f24d326bb37ea7984c1b4c10d17fc003b0da5aefd8431a05aa8f5bfa54943f85731501242af16fc856b3f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp
Filesize
17KB

MD5
b8663369c34f043d353b021b78b74925

SHA1
3c7bd1f57852443c14a76acfbb0bcde269327462

SHA256
24b46a588c5c1c60d0818f0b8fa99ab0a9663d4d3232d881d1cebca76be5e6bb

SHA512
68e0f5fc4a149575a2f4ebf14a5933c3c9f2c52b35af069a9786470043908b05fcb0644d1c2388b195a278d9a89a46b9973233d782025183e342920f755ed531

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB

MD5
c76290ea3a734b6e435aec8f03138822

SHA1
0a4f7f119a8baf6514012281cd2c2c8294a9edef

SHA256
313eed311e72d1e29fa72a7993b39b06a99d98e5fe5c61b9203829bea846eb5c

SHA512
74da3e7764dade8391097c7307752da09bf7c99ab2da1cd31ac8a19921feaf99ee6bd0edf52e578297a42b02eeb3ca7775443b335648b66879decc8750be8f1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\events\events
Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\1ee20c80-1d5a-4685-829e-e791413c6298
Filesize
982B

MD5
041d76dd7a786c5ebcdcbb9f07962c5f

SHA1
dfaf70de1925c05ceede153d276c8fea055541a0

SHA256
c38311713458916683714a67f092b073b118a32fedbf8c389c6350be63551f53

SHA512
94c18163015c0c2dd05b4485cf1f6e574dbe4a62c4e044bfb8f6df0a43620a1a783c5c4e96e437d8743431ffa2b6e02851a5c23b124698f82f313961f02676c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\58d87bf2-0122-4796-a8b2-ca29529e0450
Filesize
671B

MD5
105e2f2d63290469f8c13bb5d559b8c9

SHA1
c3df9a7945e9e86275c637657ff188cb28e4f33e

SHA256
bed39a0d33e70c3f11bef4fbc27eacac6676e96782bcbe34ada0045513095d78

SHA512
46c842c8b6d4294c786513ce004e4ef3506dc93e626967f092eacc13827d9863292a5cdee0b921791a5a36a54c87c3729f509bdea509f9420ee42e39b4e863e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\c1eab4ec-7e8b-451b-b400-3946731537d9
Filesize
905B

MD5
13aa9a2e6c4b2c98fa30f16caaf26486

SHA1
268610d79066ba890ebaaa8b3bfa1b77c62cf346

SHA256
aa75a3877a0264ba42363f4433314f493516fa73883e52f96e825b794c1f9ed3

SHA512
fee0b670bbc2c2295c95bdb9c69d3c8ffb8eebd8cf424f245a4ba94e21b17a097de902c05f118a16f17e84ddd4ed1bf81c4f09dd15395245edecaf85e49c4b4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\cd0c724b-7d8a-4ab9-a6a1-839412e42bba
Filesize
25KB

MD5
07d2192d069d63981cafbe1d5356cfe1

SHA1
dd76bd160d43f0a61192c2c7ac036609c2f74584

SHA256
2c7f6d9dd2c5620d463757d358ccded86ffb704ab68902028823c3f8cd94bcd4

SHA512
99b7da494ad4485bc091120388cd51d2c678ad6befec42ff049d61217a0637c529a7abf42523ccbe71be1edec055dfc7f445b795ad5154f3f2bf73eea7d604d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\d7fe2e4b-a83b-414e-8077-5ce41d150baf
Filesize
659B

MD5
89dc2da034f9d87ae7026a1b60fb4e39

SHA1
2cbfd73bd26d9b4e1d4b6914d169bcdb7fbc4235

SHA256
55b37a15d41112d2904c44062e316f4842b9a94b02ec9d136d731d358be14420

SHA512
aad2f4343959c5696c957f4e49a18ea4c4a59d1168c0ddf19956ce606527ed072d722c70ecf809fca3b43a18368a6af8aeb986c1bfdfc0b7459aee67dda9b3e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\places.sqlite
Filesize
5.0MB

MD5
82842535bf5d5e5f882a9d7524cdbb29

SHA1
0696e9788a43bb180487885dd44b4fed374f7000

SHA256
43fc0ce2b9b250113ffb0a1fe0007b1165b0d5afac8c79856ba602748eb633ba

SHA512
25f45cd59eae572289b4035b11390d40c4669a109a4e4bea497e55bc03de8cd8cd02d0ee36136eff96724255386b028d34d1ef5b34cb4546529ad47b180ea442

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs-1.js
Filesize
10KB

MD5
2cd8459e7762f39e0ea33a3cb6cd2615

SHA1
0fb4fe9db6a82e634d6180ec547d6dc56d4d1e83

SHA256
5990ba42db01f649164b4e79beee752a3dec15ee01035800b75f85f9cc75537a

SHA512
0187ed7890dbd27e8e63a25c6c935d66876358050481804b3c33d56482137bdc57de0f701ef67fa562318d38a9ea2d91ba693795d337c5f21b18476ce8ff991e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs-1.js
Filesize
10KB

MD5
58f1724107b01fb1a7c85090aad2052f

SHA1
4000c7b5779d4c413ef4afc0f99472fae27f5d35

SHA256
5f2b784ade6523f478b06fcd4b08d01f51cceb7aca122dee8b1f3babf6be17e5

SHA512
e924f950c5329fcc18b0106c816b3b1ca8bdebfca77e4e32aadfc8dc60ee9e0e4e1b6627e5adae4dce38b725c6fbb2cb291952d856f79c296dcc2f57f88fadbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs.js
Filesize
8KB

MD5
3c2e22812abd7ae7ce3b71d67b843e4d

SHA1
083abe4785efc3f9e5e2773705f84d1a1127f87b

SHA256
a756b58a4047c73dc92eaaaa4aa949f5c57409b2cd9425c4d3fa51f6d91f2fd0

SHA512
140022d3dd268d07fcc51176d04bd548ee82db82794c410a65c00680b9b9bb6182d5ec926ac824160ac09728ee2dddb189df0338b368ff1ed82d065b4b9fbeb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs.js
Filesize
10KB

MD5
3acf0e09ff6ed93018a3f50e41fc8863

SHA1
8411c3dbcf469ccd344e93a5c600b677769f0e76

SHA256
678866eb552c9cd786f4e213f6b25d9293842d319ad71432218d9e4506b3c981

SHA512
49aff2f213345a254b1bdaad2f160cbc735526cc21beee332cac62c44b694a907aa697891e2abac730ea9e512e2410073aa04c291f2326b7b102ed0baa8dcc63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\protections.sqlite
Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionCheckpoints.json
Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionCheckpoints.json
Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
07f30e13236f6dbd891d2fda405f207c

SHA1
a7e6303d6da845f616eb5b233c3cfb8f13b0ac1e

SHA256
0bfa2e78b0e6b5d5f5b0baa3d017ad17b461b095f699bcd7d87ea1d04b4c6367

SHA512
28c7340351b4b421c77f71d0a8d7eeecf32d9ed98a29723aee7744a86253d2676894c33216c14e00caf49d1b7ee0859158b72c1a898d7351b679f3afe2744ede

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
eacf857a107a83c6a7af17566ab3d6e1

SHA1
e88ae2551a6d0671ef319f6a6a293a8130be8d3e

SHA256
17033bc894ab08fcaa26d847e7553e508725b41801c2458a89bc229220d8d5ae

SHA512
972b62d471e55094b6490d8fd829d926688c340e5c69b8a8a24a047f7e136699b691703bb721ced913a4511dff5c04e9fba25d0a6cdb970d45ab16fadf781263

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\xulstore.json
Filesize
217B

MD5
4cbdfc4880bec82d84bce21747789706

SHA1
e11d96dba2f23684d3c47e915103fde230293a23

SHA256
09df9aeebf64843204519e11c0c2d42816576965866bac84aa1b0cb58945a910

SHA512
21ba56a3558b1f2e6dc2c2e6f7589d3d2d8371c924e066da961eed61b8423f520c5d1eb0aec3a00fb0032fa398d3cd3051d2f27976fbe5dc2a18777d8c71b456

Download Submit
C:\Users\Admin\Downloads\HappyMod-3-1-1.apk
Filesize
17.3MB

MD5
2374b9b56e0eaac81fafa5a2eb219bdf

SHA1
1af4b5f9b22268019b3f09214926b472fa188b25

SHA256
bf4fb5b1a0f6dd65499e4b5e2fff102d4958d235f0ef79d21d4a0d271ebf2e47

SHA512
3e037c437a38742dcf6f54478ed200ff149ad5dd57dafd11f87b98bcfd2cc93744adb3566e1eb498d7b1e77da56fd6b159b839ca3bd8432faf1d3010cd894af2

Download Submit
C:\Users\Admin\Downloads\com-mod-roblox-mod-apk-menu-god-mode-jump-fly-teleport-map-hack-2-634-417-1650.apk:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_4476_OYEOUHFBWBCOBOOQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit